package com.ibm.ws.security.auth;

import com.ibm.CORBA.iiop.ORB;
import com.ibm.ISecurityLocalObjectBaseL13Impl.VaultImpl;
import com.ibm.ISecurityUtilityImpl.CSIUtil;
import com.ibm.ISecurityUtilityImpl.SecurityConfiguration;
import com.ibm.ISecurityUtilityImpl.StringBytesConversion;
import com.ibm.WebSphereSecurityImpl.SecurityServerImpl;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.naming.PROPS;
import com.ibm.websphere.security.UserRegistry;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.WebSphereRuntimePermission;
import com.ibm.websphere.security.auth.AuthenticationFailedException;
import com.ibm.websphere.security.auth.CredentialDestroyedException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.auth.WSPrincipal;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.runtime.util.StreamHandlerUtils;
import com.ibm.ws.security.audit.AuditServiceImpl;
import com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension;
import com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtensionFactory;
import com.ibm.ws.security.common.util.CORBAUtil;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.core.CSIClientProperties;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.core.ContextManagerPlatformInterface;
import com.ibm.ws.security.core.SecurityConfig;
import com.ibm.ws.security.core.WSCredentialsHelper;
import com.ibm.ws.security.ltpa.LTPAServerObject;
import com.ibm.ws.security.registry.UserRegistryImpl;
import com.ibm.ws.security.registry.ldap.LdapConfig;
import com.ibm.ws.security.server.SecurityServer;
import com.ibm.ws.security.token.AbstractTokenImpl;
import com.ibm.ws.security.token.WSCredentialTokenMapperInterface;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.security.util.ByteArray;
import com.ibm.ws.security.util.SASPropFile;
import com.ibm.ws.security.zOS.PlatformCredentialManager;
import com.ibm.ws.util.PlatformHelper;
import com.ibm.ws.util.PlatformHelperFactory;
import com.ibm.ws.util.WSThreadLocal;
import com.ibm.wsspi.security.audit.AuditService;
import com.ibm.wsspi.security.ltpa.Token;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import com.ibm.wsspi.security.token.AuthenticationToken;
import com.ibm.wsspi.security.token.AuthorizationToken;
import com.ibm.wsspi.security.token.PropagationToken;
import com.ibm.wsspi.security.token.SingleSignonToken;
import com.ibm.wsspi.security.token.TokenHolder;
import com.ibm.wsspi.security.token.WSOpaqueTokenHelper;
import com.ibm.xslt4j.bcel.Constants;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.lang.reflect.Method;
import java.lang.reflect.UndeclaredThrowableException;
import java.rmi.RemoteException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.StringTokenizer;
import javax.naming.InitialContext;
import javax.rmi.PortableRemoteObject;
import javax.security.auth.Subject;
import javax.security.auth.login.CredentialExpiredException;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:lib/securityimpl.jar:com/ibm/ws/security/auth/zOSContextManagerImpl.class */
public class zOSContextManagerImpl implements ContextManagerPlatformInterface {
    private static final TraceComponent tc;
    private static WSThreadLocal threadLocStorage;
    private static boolean enableAppSyncOSThread;
    static final int GLOBAL_SERVER_CRED = 0;
    private static boolean serverRegion;
    private static boolean controllerRegion;
    private static String unauthenticatedString;
    private static long minCushion;
    private static ORB theORB;
    private static final WebSphereRuntimePermission GET_LOCALOS_SERVER_CRED_PERM;
    private static boolean enableSyncOSThread;
    private static Boolean isLocalOS;
    private static final String FACTORY_CLASS = "com.ibm.ws.security.auth.AuthCache";
    public static ContextManager ctxMgr;
    private static final WebSphereRuntimePermission MAP_CREDENTIAL;
    private static final WebSphereRuntimePermission GET_SERVER_CRED_PERM;
    private static final String SECURITY_SERVER_IMPL_CLASS = "com.ibm.ws.security.server.SecurityServerImpl";
    private static final String SECURITY_SERVER_FACTORY_CLASS = "com.ibm.ws.security.server.SecurityServerFactory";
    private static String URL_HANDLER_PROP;
    private static final String PKGNAME_DELIMITER = "|";
    static Class class$com$ibm$ws$security$auth$zOSContextManagerImpl;
    static Class class$com$ibm$ws$security$server$SecurityServer;
    static Class class$com$ibm$ws$security$auth$PlatformCredential;
    static Class class$com$ibm$websphere$security$cred$WSCredential;
    static Class class$java$lang$String;
    private String custom_jaas_config = null;
    private boolean custom_auth_mech = false;
    private Hashtable commonSecurityServerTable = new Hashtable();
    private WSLoginLocalOSExtension LoginExtension = null;
    private SecurityConfig secConfig = null;
    private SecurityServerImpl securityServer = null;
    private boolean ServerSecurityEnabled = true;
    private boolean processIsServer = false;
    private boolean gotHost = false;
    private boolean gotPort = false;
    private boolean gotClientProps = false;
    private Properties csiClientProps = new Properties();
    private WSCredentialImpl unauthCred = null;
    private String serverUniqueIdentity = null;
    private boolean serverSecurityEnabled = true;
    private String regionUserid = "";
    private String DefaultSAFRealm = "";
    private JaasLoginHelper jaasLoginHelper = null;
    private SecurityCache cache = null;
    private AuditService _auditService = null;
    private ServerCredSigner scs = null;
    private WSCredential serverBACred = null;
    private WSCredential serverTokenCred = null;
    private Subject serverBASubject = null;
    private Subject serverSubject = null;
    private PlatformCredential serverPlatformCredential = null;
    private Subject serverJ2CSubject = null;
    private Class _authCacheClass = null;
    private Method _authCacheGetInstanceMethod = null;
    private Class _securityServerImplClass = null;
    private Method _getRegistryMethod = null;
    private Class _securityServerFactoryClass = null;
    private Method _getSecurityServerCreateMethod = null;
    private Object _registryObject = null;
    private WSCredentialTokenMapperInterface wsCredTokenMapper = null;

    public zOSContextManagerImpl() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, Constants.CONSTRUCTOR_NAME);
        }
        if (!processIsServer()) {
            try {
                System.loadLibrary("bbosec");
            } catch (Throwable th) {
                th.printStackTrace();
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, Constants.CONSTRUCTOR_NAME, this);
        }
    }

    @Override // com.ibm.ws.security.core.ContextManagerPlatformInterface
    public void initializePlatformData(String str, int i, String str2, int i2, int i3) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializePlatformData", new Object[]{str, new Integer(i), str2, new Integer(i2), new Integer(i3)});
        }
        this.processIsServer = true;
        if (i2 == 2) {
            serverRegion = true;
            if (i == 1) {
                enableSyncOSThread = true;
            }
            if (i3 == 1) {
                enableAppSyncOSThread = true;
            }
        } else {
            controllerRegion = true;
        }
        this.regionUserid = str;
        this.DefaultSAFRealm = str2;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Process is Server set to true.");
            Tr.debug(tc, "Initializing SecurityConfig.");
        }
        this.secConfig = SecurityConfig.getConfig();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializePlatformData");
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public void initialize(Object obj, AuditService auditService) throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initialize", new Object[]{obj, auditService});
        }
        if (auditService != null && this._auditService == null) {
            this._auditService = auditService;
        }
        initialize(obj);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initialize");
        }
    }

    public void initialize(Object obj) throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initialize", obj);
        }
        if (this._auditService == null) {
            this._auditService = AuditServiceImpl.getAuditService();
        }
        if (obj == null) {
            throw new WSSecurityException("Null Object Passed in...");
        }
        if (!(obj instanceof Boolean)) {
            throw new WSSecurityException("Unexpected configuration object type");
        }
        if (processIsServer()) {
            getCache();
            this.scs = ServerCredSigner.getInstance();
        }
        isLocalOS = (Boolean) SecurityConfig.getConfig().getValue("security.use.localos.userregistry");
        if (isLocalOS == null) {
            isLocalOS = new Boolean(false);
        }
        if (isLocalOS.booleanValue()) {
            this.serverBASubject = SubjectHelper.createBasicAuthSubject(getDefaultRealm(), this.regionUserid, null);
            this.serverBACred = SubjectHelper.getWSCredentialFromSubject(this.serverBASubject);
        } else {
            SecurityConfiguration securityConfiguration = VaultImpl.getSecurityConfiguration();
            this.serverBASubject = SubjectHelper.createBasicAuthSubject(getDefaultRealm(), securityConfiguration.getloginUserid(), securityConfiguration.getloginPassword());
            this.serverBACred = SubjectHelper.getWSCredentialFromSubject(this.serverBASubject);
        }
        Subject serverSubject = getServerSubject();
        setOwnSubject(serverSubject);
        setCallerSubject(serverSubject);
        setInvocationSubject(serverSubject);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initialize");
        }
    }

    private SecurityCache getCache() {
        if (this.cache == null) {
            if (tc.isEntryEnabled()) {
                Tr.entry(tc, "getCache");
            }
            this.cache = AuthCache.getInstance();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getCache");
            }
        }
        return this.cache;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public boolean processIsServer() {
        return this.processIsServer || !getPlatformHelper().isClientJvm();
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public String getSecurityServerHost() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSecurityServerHost");
        }
        String securityServerHost = VaultImpl.getSecurityConfiguration().getSecurityServerHost();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSecurityServerHost", securityServerHost);
        }
        return securityServerHost;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public String getSecurityServerPort() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSecurityServerPort");
        }
        String securityServerPort = VaultImpl.getSecurityConfiguration().getSecurityServerPort();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSecurityServerPort", securityServerPort);
        }
        return securityServerPort;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public String getSpecificSecurityServerHost() {
        return getAllHosts();
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public String getSpecificSecurityServerPort() {
        return getAllPorts();
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public String getProperty(String str) {
        Properties properties;
        Object obj = null;
        if (getRegistryObject() != null && theORB == null) {
            theORB = CORBAUtil.getORB();
        }
        if (theORB != null) {
            obj = theORB.getProperty(str);
        }
        SecurityConfig config = SecurityConfig.getConfig();
        if (obj == null) {
            obj = config.getValue(str);
        }
        if (obj == null && (properties = (Properties) config.getValue(CommonConstants.TOPLEVEL_PROPS)) != null) {
            obj = properties.get(str);
        }
        String obj2 = obj != null ? obj.toString() : null;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getProperty", new Object[]{str, obj2});
        }
        return obj2;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public String getProperty(String str, String str2) {
        String property = getProperty(str);
        String str3 = property == null ? str2 : property;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getProperty", new Object[]{str, str2, str3});
        }
        return str3;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public AuditService getAuditService() {
        return this._auditService;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public PropagationToken setPropagationToken(String str, PropagationToken propagationToken) throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setPropagationToken", new Object[]{str, propagationToken});
        }
        if (str == null || propagationToken == null) {
            throw new WSSecurityException("Invalid null parameters.");
        }
        StateofSecurity threadContext = getThreadContext();
        PropagationToken propagationToken2 = threadContext != null ? threadContext.setPropagationToken(str, propagationToken) : null;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setPropagationToken", propagationToken2);
        }
        return propagationToken2;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public PropagationToken getPropagationToken(String str) throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPropagationToken", str);
        }
        if (str == null) {
            throw new WSSecurityException("Invalid null parameters.");
        }
        PropagationToken propagationToken = null;
        if (getThreadContext() != null) {
            propagationToken = getThreadContext().getPropagationToken(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPropagationToken", propagationToken);
        }
        return propagationToken;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Map getPropagationTokens() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPropagationTokens");
        }
        Map map = null;
        if (getThreadContext() != null) {
            map = getThreadContext().getPropagationTokens();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPropagationTokens", map);
        }
        return map;
    }

    public void setPropagationTokenMap(Map map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setPropagationTokenMap", map);
        }
        if (getThreadContext() != null) {
            getThreadContext().setPropagationTokenMap(map);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setPropgationTokenMap");
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public PropagationToken createPropagationToken(Subject subject) throws WSSecurityException {
        PropagationToken createPropagationTokenBeforeAuthenticatedCallerSet;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createPropagationToken", subject);
        }
        try {
            WSCredentialTokenMapperInterface wSCredTokenMapper = getWSCredTokenMapper();
            if (wSCredTokenMapper != null && subject != null) {
                createPropagationTokenBeforeAuthenticatedCallerSet = wSCredTokenMapper.createPropagationTokenFromWSCredential(SubjectHelper.getWSCredentialFromSubject(subject));
            } else {
                if (wSCredTokenMapper == null || subject != null) {
                    throw new WSSecurityException("Could not instantiate WSCredTokenMapper.");
                }
                createPropagationTokenBeforeAuthenticatedCallerSet = wSCredTokenMapper.createPropagationTokenBeforeAuthenticatedCallerSet();
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createPropagationToken", createPropagationTokenBeforeAuthenticatedCallerSet);
            }
            return createPropagationTokenBeforeAuthenticatedCallerSet;
        } catch (WSSecurityException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "WSSecurityException creating propagation token.");
            }
            throw e;
        } catch (Exception e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception creating propagation token.");
            }
            throw new WSSecurityException(e2.getMessage(), e2);
        }
    }

    @Override // com.ibm.ws.security.core.ContextManagerPlatformInterface
    public Subject getUnauthenticatedSubject() throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUnauthenticatedSubject");
        }
        Subject createSubjectFromWSCredential = SubjectHelper.createSubjectFromWSCredential(getUnauthenticatedCredential());
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUnauthenticatedSubject", createSubjectFromWSCredential);
        }
        return createSubjectFromWSCredential;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Subject createUnauthenticatedSubject() throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createUnauthenticatedSubject");
        }
        Subject createUnauthenticatedSubject = SubjectHelper.createUnauthenticatedSubject();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createUnauthenticatedSubject", createUnauthenticatedSubject);
        }
        return createUnauthenticatedSubject;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public String getUnauthenticatedString() {
        if (unauthenticatedString == null) {
            if (isCellSecurityEnabled() && this.secConfig != null && this.secConfig.getValue("security.use.localos.userregistry") != null && ((Boolean) this.secConfig.getValue("security.use.localos.userregistry")).booleanValue()) {
                unauthenticatedString = getProperty(CommonConstants.SAF_UNAUTHENTICATED_PROPERTY);
            }
            if (unauthenticatedString == null) {
                unauthenticatedString = "UNAUTHENTICATED";
            }
        }
        return unauthenticatedString;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public WSCredential getUnauthenticatedCredential() throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUnauthenticatedCredential");
        }
        PlatformCredential platformCredential = null;
        if (isCellSecurityEnabled() && this.unauthCred == null) {
            String unauthenticatedString2 = getUnauthenticatedString();
            String defaultRealm = getDefaultRealm();
            if (processIsServer()) {
                String property = ContextManagerFactory.getInstance().getProperty(CommonConstants.SAF_UNAUTHENTICATED_PROPERTY);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "SAFdefaultUserID", property);
                }
                Boolean bool = new Boolean(false);
                if (this.secConfig != null) {
                    Boolean bool2 = (Boolean) this.secConfig.getValue("security.use.localos.userregistry");
                    bool = bool2 == null ? Boolean.FALSE : bool2;
                }
                if (bool.booleanValue()) {
                    unauthenticatedString2 = property;
                }
                platformCredential = PlatformCredentialManager.instance().createDefaultCredential();
            }
            this.unauthCred = new WSCredentialImpl(defaultRealm, unauthenticatedString2, unauthenticatedString2, "", unauthenticatedString2, new ArrayList(), new ArrayList());
            this.unauthCred.markAsUnauthenticated();
            if (platformCredential != null) {
                try {
                    AccessController.doPrivileged(new PrivilegedExceptionAction(this, this.unauthCred, platformCredential) { // from class: com.ibm.ws.security.auth.zOSContextManagerImpl.1
                        private final WSCredential val$privCred;
                        private final PlatformCredential val$privPlatCred;
                        private final zOSContextManagerImpl this$0;

                        {
                            this.this$0 = this;
                            this.val$privCred = r5;
                            this.val$privPlatCred = platformCredential;
                        }

                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws Exception {
                            this.val$privCred.set(SecurityConfig.PLATFORM_CREDENTIAL, this.val$privPlatCred);
                            return null;
                        }
                    });
                } catch (PrivilegedActionException e) {
                    Exception exception = e.getException();
                    FFDCFilter.processException(exception, "com.ibm.ws.security.zOSContextManagerImpl.getUnauthenticatedCredential", "754", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Unable to set PlatformCredential", exception);
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUnauthenticatedCredential", this.unauthCred);
        }
        return this.unauthCred;
    }

    public String getRealm() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRealm");
        }
        String str = "";
        if (isCellSecurityEnabled() && processIsServer()) {
            str = (String) this.secConfig.getValue("security.activeUserRegistry.realm");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRealm", str);
        }
        return str;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public List getRealms() {
        List list;
        try {
            list = getSecurityServer().getRealms();
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.zOSContextManagerImpl.getRealms", "794", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception during getRealms(): ", new Object[]{e});
            }
            list = null;
        }
        return list;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public UserRegistry getRegistry(String str) {
        UserRegistry userRegistry;
        try {
            userRegistry = getSecurityServer().getRegistry(str);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.zOSContextManagerImpl.getRegistry", "813", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception during getRegistry(): ", new Object[]{e});
            }
            userRegistry = null;
        }
        return userRegistry;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public String getDefaultRealm() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDefaultRealmName");
        }
        return getRealm();
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public boolean isServerSubject(Subject subject) {
        return isServerCred(SubjectHelper.getWSCredentialFromSubject(subject));
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public boolean isWSSubject(Subject subject) throws WSSecurityException {
        return isWSCred(SubjectHelper.getWSCredentialFromSubject(subject));
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public boolean isServerCred(WSCredential wSCredential) {
        return ((WSCredentialImpl) wSCredential).isServerCred();
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public boolean isWSCred(WSCredential wSCredential) throws WSSecurityException {
        return ((WSCredentialImpl) wSCredential).isWSCred();
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Subject login(WSCredential wSCredential) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "login", wSCredential);
        }
        if (!isCellSecurityEnabled() || wSCredential == null) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "login", null);
            return null;
        }
        checkAuthRetryForThread();
        try {
            if (wSCredential.isBasicAuth()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "authenticating userid/password credential.");
                }
                Subject login = login(wSCredential.getRealmName(), wSCredential.getSecurityName(), StringBytesConversion.getConvertedString(wSCredential.getCredentialToken()));
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "login", login);
                }
                return login;
            }
            if (wSCredential.isCurrent()) {
                Subject createSubjectFromWSCredential = SubjectHelper.createSubjectFromWSCredential(wSCredential);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "login", createSubjectFromWSCredential);
                }
                return createSubjectFromWSCredential;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Credential is not current.");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login", "Credential is not current");
            }
            throw new WSLoginFailedException("Credential is not current.");
        } catch (WSLoginFailedException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.zOSContextManagerImpl.login", "904", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "WSLoginFailedException occurred.", new Object[]{e});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login", e);
            }
            throw e;
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.auth.zOSContextManagerImpl.login", "911", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "authenticate failed: ", dump(e2));
            }
            WSLoginFailedException wSLoginFailedException = new WSLoginFailedException(e2.getMessage(), e2);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login", wSLoginFailedException);
            }
            throw wSLoginFailedException;
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Subject login(String str, String str2) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "login", new Object[]{str, str2});
        }
        Subject login = login(str, str2, (String) null, (HttpServletRequest) null, (HttpServletResponse) null, (Map) null);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "login", login);
        }
        return login;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Subject login(String str, String str2, String str3, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Map map) throws WSLoginFailedException {
        return login(str, str2, str3, httpServletRequest, httpServletResponse, map, (Subject) null);
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Subject login(String str, String str2, String str3, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Map map, Subject subject) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "login", new Object[]{str, str2, str3, httpServletRequest, httpServletResponse, map, subject});
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                Tr.debug(tc, new StringBuffer().append("Expecting : ").append(MAP_CREDENTIAL.toString()).toString());
            }
            securityManager.checkPermission(MAP_CREDENTIAL);
        }
        if (!isCellSecurityEnabled()) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "login", null);
            return null;
        }
        if (!processIsServer()) {
            return null;
        }
        checkAuthRetryForThread();
        Object obj = null;
        List list = null;
        try {
            Subject subjectFromHashtableCacheKey = getSubjectFromHashtableCacheKey(subject);
            if (subjectFromHashtableCacheKey == null && (this.secConfig.isRMIInboundPropagationEnabled() || this.secConfig.isRMIOutboundPropagationEnabled() || this.secConfig.isWebInboundPropagationEnabled())) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Looking for opaque token in thread before doing Subject lookup.");
                }
                list = (ArrayList) get(WSOpaqueTokenHelper.getInstance().getOpaqueTokenLookup());
                Object[] subjectFromTokenHolderCacheKey = getSubjectFromTokenHolderCacheKey(null, list);
                if (subjectFromTokenHolderCacheKey != null) {
                    subjectFromHashtableCacheKey = (Subject) subjectFromTokenHolderCacheKey[0];
                    obj = (String) subjectFromTokenHolderCacheKey[1];
                }
            }
            if (subjectFromHashtableCacheKey == null && list == null && !getWSCredTokenMapper().subjectContainsLoginHashtable(subject)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Looking for Subject using realm:user.");
                }
                subjectFromHashtableCacheKey = getCache().getSubject(str, str2);
            }
            Subject validateCachedSubject = validateCachedSubject(subjectFromHashtableCacheKey, true);
            if (validateCachedSubject == null) {
                validateCachedSubject = str3 == null ? getJaasLoginHelper().jaas_login(str, str2, (String) null, subject) : httpServletRequest == null ? getJaasLoginHelper().jaas_login(str, str2, (String) null, str3, subject) : getJaasLoginHelper().jaas_login(str, str2, (String) null, str3, httpServletRequest, httpServletResponse, map, subject);
                if (this.secConfig.isWebInboundPropagationEnabled() && str3 != null && str3.equals(this.secConfig.getWebInboundLoginConfig())) {
                    WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(validateCachedSubject);
                    if (wSCredentialFromSubject.isForwardable()) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, new StringBuffer().append("Adding opaque token for accessID \"").append(wSCredentialFromSubject.getAccessId()).append("\" to the distributed cache.").toString());
                        }
                        try {
                            SingleSignonToken defaultSSOTokenFromSubject = SubjectHelper.getDefaultSSOTokenFromSubject(validateCachedSubject);
                            if (defaultSSOTokenFromSubject != null) {
                                Object byteArray = new ByteArray(defaultSSOTokenFromSubject.getBytes());
                                Object createOpaqueTokenFromSubject = WSOpaqueTokenHelper.getInstance().createOpaqueTokenFromSubject(validateCachedSubject);
                                long expiration = wSCredentialFromSubject.getExpiration() - System.currentTimeMillis();
                                if (expiration > 0) {
                                    int i = (int) (expiration / 1000);
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, new StringBuffer().append("timeToLive in seconds: ").append(i).toString());
                                    }
                                    putDistributedObject(byteArray, createOpaqueTokenFromSubject, i);
                                }
                            }
                        } catch (Exception e) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Exception adding opaque authz token to distributed cache.", new Object[]{e});
                            }
                        }
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "WSCredential is not forwardable, not adding to distributed cache.");
                    }
                }
                if (obj != null) {
                    getCache().insert(validateCachedSubject, new Object[]{obj});
                } else {
                    getCache().insert(validateCachedSubject);
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login", validateCachedSubject);
            }
            return validateCachedSubject;
        } catch (WSLoginFailedException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.auth.zOSContextManagerImpl.login", "1066", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("login failed: ").append(e2).toString());
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login", e2);
            }
            throw e2;
        } catch (Exception e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.security.auth.zOSContextManagerImpl.login", "1073", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("login failed: ").append(dump(e3)).toString());
            }
            WSLoginFailedException wSLoginFailedException = new WSLoginFailedException(e3.getMessage(), e3);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login", wSLoginFailedException);
            }
            throw wSLoginFailedException;
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Subject login(String str, String str2, String str3) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            TraceComponent traceComponent = tc;
            Object[] objArr = new Object[3];
            objArr[0] = str;
            objArr[1] = str2;
            objArr[2] = str3 == null ? null : "******";
            Tr.entry(traceComponent, "login", objArr);
        }
        if (str2 == null || str2.length() == 0 || str3 == null || str3.length() == 0) {
            throw new WSLoginFailedException("Username and/or password is null.");
        }
        if (!isCellSecurityEnabled()) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "login", null);
            return null;
        }
        checkAuthRetryForThread();
        try {
            if (processIsServer()) {
                Subject validateCachedSubject = validateCachedSubject(getCache().getSubject(str, str2, str3), true);
                if (validateCachedSubject == null) {
                    validateCachedSubject = getJaasLoginHelper().jaas_login(str, str2, str3, (Subject) null);
                    getCache().insert(validateCachedSubject, str3);
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "login", validateCachedSubject);
                }
                return validateCachedSubject;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Processing a Native Client");
            }
            WSCredential createBasicAuthCredential = createBasicAuthCredential(str, str2, str3);
            boolean z = true;
            this.csiClientProps = getClientProperties();
            String property = this.csiClientProps.getProperty(SASPropFile.VALIDATE_BASIC_AUTH);
            if (null != property && property.equals("false")) {
                z = false;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("validateBasicAuth: ").append(z).toString());
            }
            if (!z) {
                return SubjectHelper.createSubjectFromWSCredential(createBasicAuthCredential);
            }
            try {
                if (!((Boolean) runAsSpecified(SubjectHelper.createUnauthenticatedSubject(), new PrivilegedExceptionAction(this, str2, str3, str) { // from class: com.ibm.ws.security.auth.zOSContextManagerImpl.2
                    private final String val$user;
                    private final String val$password;
                    private final String val$realm;
                    private final zOSContextManagerImpl this$0;

                    {
                        this.this$0 = this;
                        this.val$user = str2;
                        this.val$password = str3;
                        this.val$realm = str;
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        return new Boolean(this.this$0.getSecurityServer().simple_authenticate(new BasicAuthData(this.val$user, this.val$password, this.val$realm)));
                    }
                })).booleanValue()) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "login(realm, user, password)");
                    }
                    throw new WSLoginFailedException(new StringBuffer().append("Failed to authenticate ").append(createBasicAuthCredential.getRealmSecurityName()).toString());
                }
                if (!getServerSecurityEnabled()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Server Security NOT Enabled .. set cred=null");
                    }
                    createBasicAuthCredential = null;
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "login", "returning Subject");
                }
                return SubjectHelper.createSubjectFromWSCredential(createBasicAuthCredential);
            } catch (PrivilegedActionException e) {
                Exception exception = e.getException();
                FFDCFilter.processException(exception, "com.ibm.ws.security.auth.zOSContextManagerImpl.login", "1148", this);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "login", exception);
                }
                if (exception instanceof WSLoginFailedException) {
                    throw exception;
                }
                throw new WSLoginFailedException(exception.getMessage(), exception);
            }
        } catch (WSLoginFailedException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.auth.zOSContextManagerImpl.login", "1184", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("login failed: ").append(e2).toString());
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login", e2);
            }
            throw e2;
        } catch (Exception e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.security.auth.zOSContextManagerImpl.login", "1194", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("login failed: ").append(dump(e3)).toString());
            }
            WSLoginFailedException wSLoginFailedException = new WSLoginFailedException(e3.getMessage(), e3);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login", wSLoginFailedException);
            }
            throw wSLoginFailedException;
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Subject login(String str, String str2, String str3, String str4, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Map map) throws WSLoginFailedException {
        return login(str, str2, str3, str4, httpServletRequest, httpServletResponse, map, null);
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Subject login(String str, String str2, String str3, String str4, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Map map, Subject subject) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            TraceComponent traceComponent = tc;
            Object[] objArr = new Object[8];
            objArr[0] = str;
            objArr[1] = str2;
            objArr[2] = str3 == null ? null : "******";
            objArr[3] = str4;
            objArr[4] = httpServletRequest;
            objArr[5] = httpServletResponse;
            objArr[6] = map;
            objArr[7] = subject;
            Tr.entry(traceComponent, "login", objArr);
        }
        if (str2 == null || str2.length() == 0 || str3 == null || str3.length() == 0) {
            throw new WSLoginFailedException("Username and/or password is null.");
        }
        if (!isCellSecurityEnabled()) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "login", null);
            return null;
        }
        checkAuthRetryForThread();
        try {
            if (!processIsServer()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Processing a Native Client");
                }
                WSCredential createBasicAuthCredential = createBasicAuthCredential(str, str2, str3);
                boolean z = true;
                this.csiClientProps = getClientProperties();
                String property = this.csiClientProps.getProperty(SASPropFile.VALIDATE_BASIC_AUTH);
                if (null != property && property.equals("false")) {
                    z = false;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("validateBasicAuth: ").append(z).toString());
                }
                if (!z) {
                    return SubjectHelper.createSubjectFromWSCredential(createBasicAuthCredential);
                }
                try {
                    if (!((Boolean) runAsSpecified(SubjectHelper.createUnauthenticatedSubject(), new PrivilegedExceptionAction(this, str2, str3, str) { // from class: com.ibm.ws.security.auth.zOSContextManagerImpl.3
                        private final String val$user;
                        private final String val$password;
                        private final String val$realm;
                        private final zOSContextManagerImpl this$0;

                        {
                            this.this$0 = this;
                            this.val$user = str2;
                            this.val$password = str3;
                            this.val$realm = str;
                        }

                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws Exception {
                            return new Boolean(this.this$0.getSecurityServer().simple_authenticate(new BasicAuthData(this.val$user, this.val$password, this.val$realm)));
                        }
                    })).booleanValue()) {
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "login", new StringBuffer().append("Failed to authenticate ").append(createBasicAuthCredential.getRealmSecurityName()).toString());
                        }
                        throw new WSLoginFailedException(new StringBuffer().append("Failed to authenticate ").append(createBasicAuthCredential.getRealmSecurityName()).toString());
                    }
                    if (!getServerSecurityEnabled()) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Server Security NOT Enabled .. set cred=null");
                        }
                        createBasicAuthCredential = null;
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "login", "returning Subject");
                    }
                    return SubjectHelper.createSubjectFromWSCredential(createBasicAuthCredential);
                } catch (PrivilegedActionException e) {
                    Exception exception = e.getException();
                    FFDCFilter.processException(exception, "com.ibm.ws.security.auth.zOSContextManagerImpl.login", "1276", this);
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "login", exception);
                    }
                    if (exception instanceof WSLoginFailedException) {
                        throw exception;
                    }
                    throw new WSLoginFailedException(exception.getMessage(), exception);
                }
            }
            Subject subject2 = null;
            List list = null;
            Object obj = null;
            if (this.secConfig.isRMIInboundPropagationEnabled() || this.secConfig.isRMIOutboundPropagationEnabled() || this.secConfig.isWebInboundPropagationEnabled()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Looking for opaque token on the thread before Subject cache lookup.");
                }
                list = (ArrayList) get(WSOpaqueTokenHelper.getInstance().getOpaqueTokenLookup());
                Object[] subjectFromTokenHolderCacheKey = getSubjectFromTokenHolderCacheKey(null, list);
                if (subjectFromTokenHolderCacheKey != null) {
                    subject2 = (Subject) subjectFromTokenHolderCacheKey[0];
                    obj = (String) subjectFromTokenHolderCacheKey[1];
                }
            }
            if (list == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Looking for subject from cache using token as lookup.");
                }
                subject2 = getCache().getSubject(str, str2, str3);
            }
            Subject validateCachedSubject = validateCachedSubject(subject2, true);
            if (validateCachedSubject == null) {
                validateCachedSubject = str4 == null ? getJaasLoginHelper().jaas_login(str, str2, str3, subject) : httpServletRequest == null ? getJaasLoginHelper().jaas_login(str, str2, str3, str4, subject) : getJaasLoginHelper().jaas_login(str, str2, str3, str4, httpServletRequest, httpServletResponse, map, subject);
                if (this.secConfig.isWebInboundPropagationEnabled() && str4 != null && str4.equals(this.secConfig.getWebInboundLoginConfig())) {
                    WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(validateCachedSubject);
                    if (wSCredentialFromSubject.isForwardable()) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, new StringBuffer().append("Adding opaque token for accessID \"").append(wSCredentialFromSubject.getAccessId()).append("\" to the distributed cache.").toString());
                        }
                        try {
                            SingleSignonToken defaultSSOTokenFromSubject = SubjectHelper.getDefaultSSOTokenFromSubject(validateCachedSubject);
                            if (defaultSSOTokenFromSubject != null) {
                                Object byteArray = new ByteArray(defaultSSOTokenFromSubject.getBytes());
                                Object createOpaqueTokenFromSubject = WSOpaqueTokenHelper.getInstance().createOpaqueTokenFromSubject(validateCachedSubject);
                                long expiration = wSCredentialFromSubject.getExpiration() - System.currentTimeMillis();
                                if (expiration > 0) {
                                    int i = (int) (expiration / 1000);
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, new StringBuffer().append("timeToLive in seconds: ").append(i).toString());
                                    }
                                    putDistributedObject(byteArray, createOpaqueTokenFromSubject, i);
                                }
                            }
                        } catch (Exception e2) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Exception adding opaque authz token to distributed cache.", new Object[]{e2});
                            }
                        }
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "WSCredential is not forwardable, not adding to distributed cache.");
                    }
                }
                if (tc.isEntryEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("login insert subject in cache ").append(validateCachedSubject).toString());
                }
                if (obj != null) {
                    getCache().insert(validateCachedSubject, str3, new Object[]{obj});
                } else {
                    getCache().insert(validateCachedSubject, str3);
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login", validateCachedSubject);
            }
            return validateCachedSubject;
        } catch (WSLoginFailedException e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.security.auth.zOSContextManagerImpl.login", "1394", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("login failed: ").append(e3).toString());
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login", e3);
            }
            throw e3;
        } catch (Exception e4) {
            FFDCFilter.processException(e4, "com.ibm.ws.security.auth.zOSContextManagerImpl.login", "1404", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("login failed: ").append(dump(e4)).toString());
            }
            WSLoginFailedException wSLoginFailedException = new WSLoginFailedException(e4.getMessage(), e4);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login", wSLoginFailedException);
            }
            throw wSLoginFailedException;
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Subject login(String str, byte[] bArr) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "login", new Object[]{str, bArr});
        }
        Subject login = login(str, bArr, (String) null, (HttpServletRequest) null, (HttpServletResponse) null, (Map) null);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "login", login);
        }
        return login;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Subject login(String str, byte[] bArr, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Map map) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "login", new Object[]{str, bArr, str2, httpServletRequest, httpServletResponse, map});
        }
        Subject login = login(str, bArr, str2, httpServletRequest, httpServletResponse, map, (Subject) null);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "login", login);
        }
        return login;
    }

    /* JADX WARN: Finally extract failed */
    @Override // com.ibm.ws.security.core.ContextManagerPlatformInterface
    public Subject login(String str, X509Certificate[] x509CertificateArr, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HashMap hashMap) throws WSLoginFailedException {
        Subject subject = null;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("login ").append(new Object[]{str, x509CertificateArr, str2, httpServletRequest, httpServletResponse, hashMap}).toString());
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                Tr.debug(tc, new StringBuffer().append("Expecting : ").append(MAP_CREDENTIAL.toString()).toString());
            }
            securityManager.checkPermission(MAP_CREDENTIAL);
        }
        try {
            Object byteArray = new ByteArray(x509CertificateArr[0].getEncoded());
            try {
                subject = getCache().getSubject(byteArray);
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.ContextManagerImpl", "1483", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Cache Exception, not fatal, but Unfortunate", new Object[]{e});
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Subject returned from cache ").append(subject).toString());
            }
            Subject validateCachedSubject = validateCachedSubject(subject, true);
            if (validateCachedSubject == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No valid Subject returned in cache, must get an ID and login");
                }
                if (null == str) {
                    str = getDefaultRealm();
                }
                try {
                    String str3 = (String) runAsSystem(new PrivilegedExceptionAction(this, x509CertificateArr) { // from class: com.ibm.ws.security.auth.zOSContextManagerImpl.4
                        private final X509Certificate[] val$certs_final;
                        private final zOSContextManagerImpl this$0;

                        {
                            this.this$0 = this;
                            this.val$certs_final = x509CertificateArr;
                        }

                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws Exception {
                            try {
                                UserRegistryImpl userRegistryImpl = (UserRegistryImpl) com.ibm.ws.security.server.SecurityServerImpl.getRegistryImpl(ContextManagerFactory.getInstance().getDefaultRealm());
                                if (userRegistryImpl != null) {
                                    return userRegistryImpl.mapCertificate(this.val$certs_final);
                                }
                                return null;
                            } catch (Exception e2) {
                                FFDCFilter.processException(e2, "com.ibm.ws.security.ContextManagerImpl", "1520", this);
                                if (zOSContextManagerImpl.tc.isDebugEnabled()) {
                                    Tr.debug(zOSContextManagerImpl.tc, "Exception getting Mapped Credential : ", new Object[]{e2});
                                }
                                throw e2;
                            }
                        }
                    });
                    if (null == str3) {
                        throw new WSLoginFailedException("Map Certificate function could not be performed");
                    }
                    try {
                        put(SecurityConfig.CACHEKEY_ZDATA, byteArray);
                        validateCachedSubject = str2 == null ? getJaasLoginHelper().jaas_login(str, str3, null, null) : httpServletRequest == null ? getJaasLoginHelper().jaas_login(str, str3, null, str2, null) : getJaasLoginHelper().jaas_login(str, str3, null, str2, httpServletRequest, httpServletResponse, hashMap, null);
                        if (isLocalOS.booleanValue()) {
                        }
                        try {
                            try {
                                getCache().insert(validateCachedSubject);
                                put(SecurityConfig.CACHEKEY_ZDATA, null);
                            } catch (Throwable th) {
                                put(SecurityConfig.CACHEKEY_ZDATA, null);
                                throw th;
                            }
                        } catch (Exception e2) {
                            FFDCFilter.processException(e2, "com.ibm.ws.security.ContextManagerImpl", "1562", this);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Exception inserting Subject to Cache, non-fatal : ", new Object[]{e2});
                            }
                            put(SecurityConfig.CACHEKEY_ZDATA, null);
                        }
                    } catch (WSLoginFailedException e3) {
                        FFDCFilter.processException(e3, "com.ibm.ws.security.auth.ContextManagerImpl.login", "1570", this);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, new StringBuffer().append("login failed: ").append(e3).toString());
                        }
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "login(realm, certs[], auth_mech, req, resp, appContext, subject)");
                        }
                        throw e3;
                    } catch (Exception e4) {
                        FFDCFilter.processException(e4, "com.ibm.ws.security.auth.ContextManagerImpl.login", "1575", this);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, new StringBuffer().append("login failed: ").append(dump(e4)).toString());
                        }
                        WSLoginFailedException wSLoginFailedException = new WSLoginFailedException(e4.getMessage(), e4);
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "login(realm, certs[], auth_mech, req, resp, appContext, subject)");
                        }
                        throw wSLoginFailedException;
                    }
                } catch (PrivilegedActionException e5) {
                    throw new WSLoginFailedException(e5.getException().getMessage());
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, new StringBuffer().append("certificateLogin returns").append(validateCachedSubject).toString());
            }
            return validateCachedSubject;
        } catch (Exception e6) {
            FFDCFilter.processException(e6, "com.ibm.ws.security.ContextManagerImpl", "1473", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting X509 Certificates: ", new Object[]{e6});
            }
            throw new WSLoginFailedException(e6.getMessage());
        }
    }

    public Subject login(String str, String str2, Object obj, String str3) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("login with zCredToken: Credential Token ").append(obj).toString());
        }
        if (null == obj) {
            throw new WSLoginFailedException("ContextManagerImpl.login with null zCredToken");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Create a new Platform Credential: passing in the CredentialToken");
        }
        PlatformCredential createCredential = PlatformCredentialManager.instance().createCredential(str2);
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                Tr.debug(tc, new StringBuffer().append("Expecting : ").append(MAP_CREDENTIAL.toString()).toString());
            }
            securityManager.checkPermission(MAP_CREDENTIAL);
        }
        if (null == str) {
            str = getDefaultRealm();
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Logging in to get a new subject");
        }
        try {
            Subject jaas_login = getJaasLoginHelper().jaas_login(str, str2, (String) null, null);
            if (jaas_login != null) {
                WSCredentialImpl wSCredentialImpl = (WSCredentialImpl) SubjectHelper.getWSCredentialFromSubject(jaas_login);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Add Platform Credential created from zCredToken, override default with :").append(obj).toString());
                }
                try {
                    AccessController.doPrivileged(new PrivilegedExceptionAction(this, wSCredentialImpl, createCredential) { // from class: com.ibm.ws.security.auth.zOSContextManagerImpl.5
                        private final WSCredential val$privCred;
                        private final PlatformCredential val$privPlatCred;
                        private final zOSContextManagerImpl this$0;

                        {
                            this.this$0 = this;
                            this.val$privCred = wSCredentialImpl;
                            this.val$privPlatCred = createCredential;
                        }

                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws CredentialDestroyedException, CredentialExpiredException {
                            this.val$privCred.set(SecurityConfig.PLATFORM_CREDENTIAL, this.val$privPlatCred);
                            return null;
                        }
                    });
                } catch (PrivilegedActionException e) {
                    FFDCFilter.processException(e.getException(), "com.ibm.ws.security.ContextManagerImpl", "1651", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception setting PlatformCredential : ", new Object[]{e.getException()});
                    }
                    throw e.getException();
                }
            }
            try {
                getCache().insert(jaas_login);
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.ContextManagerImpl", "1663", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception inserting Subject to Cache, non-fatal : ", new Object[]{e2});
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, new StringBuffer().append("WS390Credential Token login returns").append(jaas_login).toString());
            }
            return jaas_login;
        } catch (WSLoginFailedException e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.security.auth.ContextManagerImpl.login", "1668", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("login failed: ").append(e3).toString());
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login(realm, user, . . .)");
            }
            throw e3;
        } catch (Exception e4) {
            FFDCFilter.processException(e4, "com.ibm.ws.security.auth.ContextManagerImpl.login", "1673", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("login failed: ").append(dump(e4)).toString());
            }
            WSLoginFailedException wSLoginFailedException = new WSLoginFailedException(e4.getMessage(), e4);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login(realm, user, . . .)");
            }
            throw wSLoginFailedException;
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Subject login(String str, byte[] bArr, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Map map, Subject subject) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "login", new Object[]{str, bArr, str2, httpServletRequest, httpServletResponse, map, subject});
        }
        if (!isCellSecurityEnabled() || bArr == null || bArr.length == 0) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "login", null);
            return null;
        }
        if (!processIsServer()) {
            return null;
        }
        checkAuthRetryForThread();
        try {
            if (!processIsServer()) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "login", "Token can not be validated on a pure client or authentication target is basic authen");
                }
                throw new WSLoginFailedException("Token can not be validated on a pure client or authentication target is basic authen");
            }
            List list = null;
            Object obj = null;
            Subject subject2 = null;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Web inbound login config: ").append(this.secConfig.getWebInboundLoginConfig()).toString());
            }
            if (this.secConfig.isRMIInboundPropagationEnabled() || this.secConfig.isRMIOutboundPropagationEnabled() || this.secConfig.isWebInboundPropagationEnabled()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Looking for opaque token on the thread before Subject cache lookup.");
                }
                list = (ArrayList) get(WSOpaqueTokenHelper.getInstance().getOpaqueTokenLookup());
                Object[] subjectFromTokenHolderCacheKey = getSubjectFromTokenHolderCacheKey(bArr, list);
                if (subjectFromTokenHolderCacheKey != null) {
                    subject2 = (Subject) subjectFromTokenHolderCacheKey[0];
                    obj = (String) subjectFromTokenHolderCacheKey[1];
                }
            }
            if (list == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Looking for subject from cache using token as lookup.");
                }
                subject2 = getCache().getSubject(bArr);
            }
            if (subject2 == null && this.secConfig.isRMIOutboundPropagationEnabled() && this.secConfig.isWebInboundPropagationEnabled() && str2 != null && str2.equals(this.secConfig.getWebInboundLoginConfig())) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Getting distributed object from DynaCache.");
                }
                ByteArray byteArray = new ByteArray(bArr);
                byte[] bArr2 = (byte[]) getDistributedObject(byteArray);
                if (bArr2 == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Not found in DynaCache, getting distributed object using MBean.");
                    }
                    Token validateLTPAToken = getWSCredTokenMapper().validateLTPAToken(bArr);
                    String[] attributes = validateLTPAToken.getAttributes("process.serverName");
                    String[] attributes2 = validateLTPAToken.getAttributes("type");
                    String[] attributes3 = validateLTPAToken.getAttributes("host");
                    String[] attributes4 = validateLTPAToken.getAttributes("port");
                    Properties properties = new Properties();
                    if (byteArray != null && attributes2 != null && attributes3 != null && attributes4 != null && attributes != null && attributes[0] != null) {
                        properties.setProperty("type", attributes2[0]);
                        properties.setProperty("host", attributes3[0]);
                        properties.setProperty("port", attributes4[0]);
                        bArr2 = getOpaqueTokenFromMBean(byteArray, attributes[0], properties);
                    }
                }
                if (bArr2 != null) {
                    try {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Getting token holder list from opaque token.");
                        }
                        Object createTokenHolderListFromOpaqueToken = WSOpaqueTokenHelper.getInstance().createTokenHolderListFromOpaqueToken(bArr2);
                        if (createTokenHolderListFromOpaqueToken != null) {
                            put(WSOpaqueTokenHelper.getInstance().getOpaqueTokenLookup(), createTokenHolderListFromOpaqueToken);
                        } else if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Failed to get token holder list.");
                        }
                    } catch (WSSecurityException e) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Failed to get token holder list.", new Object[]{e});
                        }
                    }
                    subject2 = str2 == null ? getJaasLoginHelper().jaas_login(bArr, subject) : httpServletRequest == null ? getJaasLoginHelper().jaas_login(bArr, str2, subject) : getJaasLoginHelper().jaas_login(bArr, str2, httpServletRequest, httpServletResponse, map, subject);
                    if (subject2 != null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Adding propagation login Subject to cache.");
                        }
                        getCache().insert(subject2);
                    }
                }
            }
            Subject validateCachedSubject = validateCachedSubject(subject2, false);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Before jaas_login Subject is: ").append(validateCachedSubject).toString());
            }
            if (validateCachedSubject == null) {
                validateCachedSubject = str2 == null ? getJaasLoginHelper().jaas_login(bArr, subject) : httpServletRequest == null ? getJaasLoginHelper().jaas_login(bArr, str2, subject) : getJaasLoginHelper().jaas_login(bArr, str2, httpServletRequest, httpServletResponse, map, subject);
                if (validateCachedSubject != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Adding new Subject to cache.");
                    }
                    if (obj != null) {
                        getCache().insert(validateCachedSubject, new Object[]{obj, bArr});
                    } else {
                        getCache().insert(validateCachedSubject, new Object[]{bArr});
                    }
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login", validateCachedSubject);
            }
            return validateCachedSubject;
        } catch (WSLoginFailedException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.auth.zOSContextManagerImpl.login", "1858", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("login failed: ").append(e2).toString());
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login", e2);
            }
            throw e2;
        } catch (Exception e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.security.auth.zOSContextManagerImpl.login", "1865", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("login failed: ").append(dump(e3)).toString());
            }
            WSLoginFailedException wSLoginFailedException = new WSLoginFailedException(e3.getMessage(), e3);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login", wSLoginFailedException);
            }
            throw wSLoginFailedException;
        }
    }

    private Object[] getSubjectFromTokenHolderCacheKey(byte[] bArr, List list) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSubjectFromTokenHolderCacheKey");
        }
        Subject subject = null;
        String str = null;
        if (list != null) {
            for (int i = 0; i < list.size(); i++) {
                TokenHolder tokenHolder = (TokenHolder) list.get(i);
                if (tokenHolder.getName().equals(AttributeNameConstants.WSCREDENTIAL_CACHE_KEY)) {
                    byte[] bytes = tokenHolder.getBytes();
                    if (bytes != null) {
                        str = StringBytesConversion.getConvertedString(bytes);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, new StringBuffer().append("Found cache key from token holder list: ").append(str).toString());
                        }
                        subject = this.cache.getSubject(str);
                    }
                    if (subject != null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Found Subject using cacheKey from prop token.");
                        }
                        if (bArr != null) {
                            WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(subject);
                            SingleSignonToken defaultSSOTokenFromSubject = SubjectHelper.getDefaultSSOTokenFromSubject(subject);
                            if (!((wSCredentialFromSubject != null && Arrays.equals(bArr, wSCredentialFromSubject.getCredentialToken())) || (defaultSSOTokenFromSubject != null && Arrays.equals(bArr, defaultSSOTokenFromSubject.getBytes())))) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Subject found from cacheKey does not have matching LTPA token.");
                                }
                                subject = null;
                            }
                        }
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSubjectFromTokenHolderCacheKey");
        }
        if (subject != null) {
            return new Object[]{subject, str};
        }
        return null;
    }

    private Subject getSubjectFromHashtableCacheKey(Subject subject) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSubjectFromHashtableCacheKey");
        }
        Subject subject2 = null;
        Object obj = null;
        if (subject != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Look for Cache Key in subject");
            }
            obj = (String) getWSCredTokenMapper().getCacheKeyFromHashtable(subject);
        }
        if (obj == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "CacheKey Still null, see if a CacheKey was set on the thread by CSIV2 code");
            }
            obj = get(SecurityConfig.CACHEKEYATTRIBUTE);
        }
        if (obj != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Looking for Subject using cacheKey (").append(obj).append(") from hashtable.").toString());
            }
            subject2 = obj instanceof byte[] ? getCache().getSubject((byte[]) obj) : getCache().getSubject(obj);
            if (subject2 != null && tc.isDebugEnabled()) {
                Tr.debug(tc, "Found Subject using TAI cacheKey.");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSubjectFromHashtableCacheKey");
        }
        return subject2;
    }

    private void processSubjectForPropagationAfterLogin(Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "processSubjectForPropagationAfterLogin", subject);
        }
        try {
            WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(subject);
            if (wSCredentialFromSubject.isForwardable()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Adding opaque token for accessID \"").append(wSCredentialFromSubject.getAccessId()).append("\" to the distributed cache.").toString());
                }
                SingleSignonToken defaultSSOTokenFromSubject = SubjectHelper.getDefaultSSOTokenFromSubject(subject);
                if (defaultSSOTokenFromSubject != null) {
                    ByteArray byteArray = new ByteArray(defaultSSOTokenFromSubject.getBytes());
                    byte[] createOpaqueTokenFromSubject = WSOpaqueTokenHelper.getInstance().createOpaqueTokenFromSubject(subject);
                    long expiration = wSCredentialFromSubject.getExpiration() - System.currentTimeMillis();
                    if (expiration > 0) {
                        int i = (int) (expiration / 1000);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, new StringBuffer().append("timeToLive in seconds: ").append(i).toString());
                        }
                        putDistributedObject(byteArray, createOpaqueTokenFromSubject, i);
                    }
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "WSCredential is not forwardable, not adding to distributed cache.");
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception adding opaque authz token to distributed cache.", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.zOSContextManagerImpl.processSubjectForPropagationAfterLogin", "2033", this);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "processSubjectForPropagationAfterLogin");
        }
    }

    private void getOpaqueTokenFromCacheOrOriginatingServer(byte[] bArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getOpaqueTokenFromCacheOrOriginatingServer", bArr);
        }
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Getting distributed object from DynaCache.");
            }
            ByteArray byteArray = new ByteArray(bArr);
            byte[] bArr2 = (byte[]) getDistributedObject(byteArray);
            if (bArr2 == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Not found in DynaCache, getting distributed object using MBean.");
                }
                Token validateLTPAToken = getWSCredTokenMapper().validateLTPAToken(bArr);
                String[] attributes = validateLTPAToken.getAttributes("process.serverName");
                String[] attributes2 = validateLTPAToken.getAttributes("java.naming.provider.url");
                String[] attributes3 = validateLTPAToken.getAttributes("type");
                String[] attributes4 = validateLTPAToken.getAttributes("host");
                String[] attributes5 = validateLTPAToken.getAttributes("port");
                if (((String) SecurityConfig.getConfig().getValue(SecurityConfig.WEB_PROPAGATION_SERVER_TRANSPORT)).equals(SecurityConfiguration.DefaultWebPropagationTransport) && attributes2 != null) {
                    Hashtable hashtable = new Hashtable();
                    hashtable.put("java.naming.provider.url", attributes2[0]);
                    hashtable.put(LdapConfig.INITIAL_CTX_FACTORY, PROPS.INITIAL_CONTEXT_FACTORY);
                    bArr2 = getOpaqueTokenFromCorbaObject(byteArray, hashtable);
                } else if (byteArray != null && attributes3 != null && attributes4 != null && attributes5 != null && attributes != null && attributes[0] != null) {
                    Properties properties = new Properties();
                    properties.setProperty("type", attributes3[0]);
                    properties.setProperty("host", attributes4[0]);
                    properties.setProperty("port", attributes5[0]);
                    bArr2 = getOpaqueTokenFromMBean(byteArray, attributes[0], properties);
                }
            }
            if (bArr2 != null) {
                try {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Getting token holder list from opaque token.");
                    }
                    Object createTokenHolderListFromOpaqueToken = WSOpaqueTokenHelper.getInstance().createTokenHolderListFromOpaqueToken(bArr2);
                    if (createTokenHolderListFromOpaqueToken != null) {
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "Token holder list has been set on the thread.");
                        }
                        put(WSOpaqueTokenHelper.getInstance().getOpaqueTokenLookup(), createTokenHolderListFromOpaqueToken);
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Failed to get token holder list.");
                    }
                } catch (WSSecurityException e) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Failed to get token holder list.", new Object[]{e});
                    }
                }
            }
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.auth.zOSContextManagerImpl.getSubjectFromDynaCacheOrOriginatingServer", "2115", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting opaque token from originating server.");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getOpaqueTokenFromCacheOrOriginatingServer");
        }
    }

    private byte[] getOpaqueTokenFromMBean(ByteArray byteArray, String str, Properties properties) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getOpaqueTokenFromMBean", new Object[]{str, properties});
        }
        byte[] bArr = null;
        try {
            bArr = (byte[]) runAsSystem(new PrivilegedExceptionAction(this, byteArray, str, properties) { // from class: com.ibm.ws.security.auth.zOSContextManagerImpl.6
                private final ByteArray val$ssoToken;
                private final String val$serverName;
                private final Properties val$connectorProps;
                private final zOSContextManagerImpl this$0;

                {
                    this.this$0 = this;
                    this.val$ssoToken = byteArray;
                    this.val$serverName = str;
                    this.val$connectorProps = properties;
                }

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    try {
                        return this.this$0.getWSCredTokenMapper().getOpaqueTokenFromMBean(this.val$ssoToken, this.val$serverName, this.val$connectorProps);
                    } catch (Exception e) {
                        FFDCFilter.processException(e, "com.ibm.ws.security.auth.zOSContextManagerImpl.getOpaqueTokenFromMBean", "2145", this);
                        if (!zOSContextManagerImpl.tc.isDebugEnabled()) {
                            return null;
                        }
                        Tr.debug(zOSContextManagerImpl.tc, "Exception getting opaque token from originating server.");
                        return null;
                    }
                }
            });
        } catch (PrivilegedActionException e) {
            FFDCFilter.processException(e.getException(), "com.ibm.ws.security.auth.zOSContextManagerImpl.getOpaqueTokenFromMBean", "2160", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting opaque token from originating server.", new Object[]{e.getException()});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getOpaqueTokenFromMBean", bArr);
        }
        return bArr;
    }

    private byte[] getOpaqueTokenFromCorbaObject(ByteArray byteArray, Hashtable hashtable) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getOpaqueTokenFromCorbaObject", new Object[]{byteArray, hashtable});
        }
        byte[] bArr = null;
        try {
            bArr = (byte[]) runAsSpecified(getUnauthenticatedSubject(), new PrivilegedExceptionAction(this, hashtable, byteArray) { // from class: com.ibm.ws.security.auth.zOSContextManagerImpl.7
                private final Hashtable val$connectorProps;
                private final ByteArray val$ssoToken;
                private final zOSContextManagerImpl this$0;

                {
                    this.this$0 = this;
                    this.val$connectorProps = hashtable;
                    this.val$ssoToken = byteArray;
                }

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    Class cls;
                    TokenHolder opaqueToken;
                    try {
                        Object lookup = new InitialContext(this.val$connectorProps).lookup(com.ibm.ws.security.util.Constants.SECURITY_SERVER);
                        if (lookup == null) {
                            return null;
                        }
                        if (zOSContextManagerImpl.class$com$ibm$ws$security$server$SecurityServer == null) {
                            cls = zOSContextManagerImpl.class$("com.ibm.ws.security.server.SecurityServer");
                            zOSContextManagerImpl.class$com$ibm$ws$security$server$SecurityServer = cls;
                        } else {
                            cls = zOSContextManagerImpl.class$com$ibm$ws$security$server$SecurityServer;
                        }
                        SecurityServer securityServer = (SecurityServer) PortableRemoteObject.narrow(lookup, cls);
                        if (securityServer == null || (opaqueToken = securityServer.getOpaqueToken(this.val$ssoToken)) == null) {
                            return null;
                        }
                        if (zOSContextManagerImpl.tc.isDebugEnabled()) {
                            Tr.debug(zOSContextManagerImpl.tc, "Returning byte[] from getOpaqueTokenFromCorbaObject.");
                        }
                        return opaqueToken.getBytes();
                    } catch (Exception e) {
                        FFDCFilter.processException(e, "com.ibm.ws.security.auth.zOSContextManagerImpl.getOpaqueTokenFromCorbaObject", "2208", this);
                        if (!zOSContextManagerImpl.tc.isDebugEnabled()) {
                            return null;
                        }
                        Tr.debug(zOSContextManagerImpl.tc, "Exception getting opaque token from originating server.", new Object[]{e});
                        return null;
                    }
                }
            });
        } catch (WSSecurityException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.zOSContextManagerImpl.getOpaqueTokenFromCorbaObject", "2223", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting opaque token from originating server.", new Object[]{e});
            }
        } catch (PrivilegedActionException e2) {
            FFDCFilter.processException(e2.getException(), "com.ibm.ws.security.auth.zOSContextManagerImpl.getOpaqueTokenFromCorbaObject", "2228", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting opaque token from originating server.", new Object[]{e2.getException()});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getOpaqueTokenFromCorbaObject", bArr);
        }
        return bArr;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Subject login(String str, Object obj, Subject subject) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "login", new Object[]{str, obj, subject});
        }
        if (!isCellSecurityEnabled() || obj == null || subject == null) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "login", null);
            return null;
        }
        if (this.secConfig == null || !processIsServer()) {
            return null;
        }
        try {
            Subject jaas_login = getJaasLoginHelper().jaas_login(str, obj, subject);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login", jaas_login);
            }
            return jaas_login;
        } catch (WSLoginFailedException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.zOSContextManagerImpl.login", "2258", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("login failed: ").append(e).toString());
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login", e);
            }
            throw e;
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.auth.zOSContextManagerImpl.login", "2265", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("login failed: ").append(dump(e2)).toString());
            }
            WSLoginFailedException wSLoginFailedException = new WSLoginFailedException(e2.getMessage(), e2);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login", wSLoginFailedException);
            }
            throw wSLoginFailedException;
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Subject getServerSubject() throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getServerSubject");
        }
        Subject subject = null;
        if (isCellSecurityEnabled() && processIsServer()) {
            if (this.serverSubject == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "BOOTSTRAP MODE: Returning BasicAuth server subject");
                }
                subject = this.serverBASubject;
            } else {
                subject = getServerSubjectInternal();
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getServerSubject", subject);
        }
        return subject;
    }

    public synchronized Subject getServerSubjectInternal() throws WSSecurityException {
        Subject login;
        int i = 0;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getServerSubjectInternal");
        }
        if (!isCellSecurityEnabled() || !processIsServer()) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            if (isCellSecurityEnabled()) {
                Tr.exit(tc, "getServerSubjectInternal", "Caller is native client.  Returning null server subject");
                return null;
            }
            Tr.exit(tc, "getServerSubjectInternal", "Cell Security NOT Enabled.  Returning null serverSubject");
            return null;
        }
        if (getRegistryObject() == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "BOOTSTRAP MODE: Returning unauthenticated server subject.");
            }
            return getUnauthenticatedSubject();
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                Tr.debug(tc, new StringBuffer().append("Expecting : ").append(GET_SERVER_CRED_PERM.toString()).toString());
            }
            securityManager.checkPermission(GET_SERVER_CRED_PERM);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("serverTokenCred=").append(this.serverTokenCred).toString());
        }
        Object obj = null;
        if (this.serverTokenCred != null && !this.serverTokenCred.isDestroyed()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "serverTokenCred is valid");
            }
            long j = 0;
            try {
                long expiration = this.serverTokenCred.getExpiration();
                if (expiration == -1 || expiration == 0) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "getServerSubjectInternal", this.serverSubject);
                    }
                    return this.serverSubject;
                }
                long currentTimeMillis = System.currentTimeMillis();
                long j2 = expiration - currentTimeMillis;
                long reqTimeout = getReqTimeout();
                String str = (String) SecurityConfig.getConfig().getValue("security.activeAuthMechanism");
                if (str.equals(SecurityConfig.AUTH_MECHANISM_ICSF)) {
                    j = 60000 * ((Long) SecurityConfig.getConfig().getValue("was.security.ISCF.timeout")).longValue();
                } else if (str.equals("LTPA")) {
                    j = 60000 * ((Long) SecurityConfig.getConfig().getValue("security.ltpa.expirydate")).longValue();
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("authTimeout = ").append(j).toString());
                }
                if (reqTimeout > j) {
                    reqTimeout = j / 10;
                }
                if (reqTimeout < 25000) {
                    reqTimeout = 25000;
                }
                long j3 = j2 - reqTimeout;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("[time_remaining]").append(j3).append(" = [expiration]").append(expiration).append(" - [current_time]").append(currentTimeMillis).append(" - [cushion]").append(reqTimeout).toString());
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Server cred time remaining = ").append(j3).toString());
                }
                if (j3 > 0) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "getServerSubjectInternal", this.serverSubject);
                    }
                    return this.serverSubject;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Server time_remaining <= 0");
                }
                try {
                    obj = ((AuthCache) getCache()).get(new StringBuffer().append(getDefaultRealm()).append(":").append((String) this.secConfig.getValue("security.serverId")).toString());
                } catch (Exception e) {
                    FFDCFilter.processException(e, "com.ibm.ws.security.auth.zOSContextManagerImpl.getServerSubjectInternal", "2424", this);
                }
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.auth.zOSContextManagerImpl.getServerSubjectInternal", "2400", this);
                Tr.error(tc, "security.SecurityContext.getActualCreds", new Object[]{e2});
                throw new WSSecurityException(e2.getMessage(), e2);
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "serverTokenCred was expired, destroyed or null");
        }
        PlatformCredential platformCredential = null;
        new Boolean(false);
        Boolean bool = (Boolean) this.secConfig.getValue("security.use.localos.userregistry");
        if (bool == null || !bool.booleanValue()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "useLocalReg is false, Login again with server's Userid and Password");
            }
            try {
                login = login(getDefaultRealm(), (String) this.secConfig.getValue("security.serverId"), (String) this.secConfig.getValue("security.serverPasswd"));
                this.serverSubject = login;
                try {
                    if (controllerRegion) {
                        i = 0;
                    }
                    if (i != 0) {
                        Tr.error(tc, "security.zOS.ContextManager.ServerSubjectInternal.error");
                        throw new WSSecurityException(new StringBuffer().append("Problem NSC private Cred for Server Credential: EJBRunAs.getServerCredential() return code ").append(i).toString());
                    }
                    platformCredential = PlatformCredentialManager.instance().createCredential(this.regionUserid);
                } catch (Exception e3) {
                    throw new WSSecurityException(new StringBuffer().append("Problem NSC private Cred for Server Credential: throwing exception ").append(e3).toString());
                }
            } catch (Exception e4) {
                throw new WSSecurityException(new StringBuffer().append("Server reauthentication failed: exception").append(e4).toString());
            }
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "useLocalReg is true");
            }
            String regionId = getRegionId();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Using LocalOS Registy, build a server credential from Userid: ").append(regionId).toString());
            }
            try {
                login = login(getDefaultRealm(), regionId);
                this.serverSubject = login;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("serverSubject is ").append(this.serverSubject.toString()).toString());
                }
            } catch (Exception e5) {
                throw new WSSecurityException(new StringBuffer().append("couldn't build server credential: exception").append(e5).toString());
            }
        }
        this.serverTokenCred = SubjectHelper.getWSCredentialFromSubject(this.serverSubject);
        ((WSCredentialImpl) this.serverTokenCred).markServerCred();
        setServerSubject(this.serverSubject);
        if (bool == null || !bool.booleanValue()) {
            try {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "adding Platform Credential to Server Subject");
                }
                AccessController.doPrivileged(new PrivilegedExceptionAction(this, this.serverTokenCred, platformCredential) { // from class: com.ibm.ws.security.auth.zOSContextManagerImpl.8
                    private final WSCredential val$privCred;
                    private final PlatformCredential val$privPlatCred;
                    private final zOSContextManagerImpl this$0;

                    {
                        this.this$0 = this;
                        this.val$privCred = r5;
                        this.val$privPlatCred = platformCredential;
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws CredentialDestroyedException, CredentialExpiredException {
                        this.val$privCred.set(SecurityConfig.PLATFORM_CREDENTIAL, this.val$privPlatCred);
                        return null;
                    }
                });
            } catch (PrivilegedActionException e6) {
                FFDCFilter.processException(e6.getException(), "com.ibm.ws.security.zOSContextManagerImpl", "2531", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception setting PlatformCredential : ", new Object[]{e6.getException()});
                }
            }
        }
        WSCredential wSCredential = this.serverTokenCred;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("serverTokenCred is ").append(this.serverTokenCred).toString());
        }
        if (this.serverTokenCred != null) {
            if (wSCredential != null && !wSCredential.isBasicAuth() && (this.secConfig.isRMIInboundPropagationEnabled() || this.secConfig.isRMIOutboundPropagationEnabled() || this.secConfig.isWebInboundPropagationEnabled())) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Updating server Subject with new wsCred token, auth token and authz token.");
                }
                try {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("subjectPriv=").append(this.serverSubject).toString());
                    }
                    AccessController.doPrivileged(new PrivilegedExceptionAction(this, wSCredential, this.serverSubject) { // from class: com.ibm.ws.security.auth.zOSContextManagerImpl.9
                        private final WSCredential val$newCredPriv;
                        private final Subject val$subjectPriv;
                        private final zOSContextManagerImpl this$0;

                        {
                            this.this$0 = this;
                            this.val$newCredPriv = wSCredential;
                            this.val$subjectPriv = r6;
                        }

                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws WSLoginFailedException, WSSecurityException {
                            Cloneable createAuthzTokenFromWSCredential = this.this$0.getWSCredTokenMapper().createAuthzTokenFromWSCredential(this.val$newCredPriv);
                            Cloneable createAuthTokenFromWSCredential = this.this$0.getWSCredTokenMapper().createAuthTokenFromWSCredential(this.val$newCredPriv);
                            for (Object obj2 : this.val$subjectPriv.getPrivateCredentials()) {
                                if (obj2 instanceof AuthorizationToken) {
                                    ((AbstractTokenImpl) obj2).setToken(((AbstractTokenImpl) createAuthzTokenFromWSCredential).getToken());
                                } else if (obj2 instanceof AuthenticationToken) {
                                    ((AbstractTokenImpl) obj2).setToken(((AbstractTokenImpl) createAuthTokenFromWSCredential).getToken());
                                }
                            }
                            return null;
                        }
                    });
                } catch (PrivilegedActionException e7) {
                    FFDCFilter.processException(e7.getException(), "com.ibm.ws.security.auth.zOSContextManagerImpl.getServerSubject", "2591", this);
                    setRootException(e7.getException());
                    throw new WSSecurityException(e7.getException().getMessage(), e7.getException());
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("serverTokenCred=").append(this.serverTokenCred).append(" serverSubject=").append(login).toString());
            }
            this.serverTokenCred = wSCredential;
            this.serverSubject = login;
            this.serverSubject.setReadOnly();
            getCache().insert(this.serverSubject);
            if (obj != null) {
                try {
                    if (obj instanceof CacheObject) {
                        ((AuthCache) getCache()).removeEntry((CacheObject) obj);
                    }
                } catch (Exception e8) {
                    FFDCFilter.processException(e8, "com.ibm.ws.security.auth.zOSContextManagerImpl.getServerSubjectInternal", "2612", this);
                }
            }
        }
        if (this.serverTokenCred == null) {
            Tr.error(tc, "security.authn.error.owncred");
            throw new WSSecurityException("Authentication Failed");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getServerSubjectInternal", this.serverSubject);
        }
        return this.serverSubject;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public synchronized WSCredential getServerCredential() throws WSSecurityException {
        if (isCellSecurityEnabled() && (this.secConfig == null || !processIsServer())) {
            return null;
        }
        if (null == this.serverTokenCred) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getServerCredential forcing retrieval of ServerSubject");
            }
            getServerSubject();
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("getServerCredential returning").append(this.serverTokenCred.toString()).toString());
        }
        return this.serverTokenCred;
    }

    private synchronized void setServerSubject(Subject subject) throws WSSecurityException {
        WSCredential wSCredential = null;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setServerSubject", subject);
        }
        if (null != subject) {
            wSCredential = SubjectHelper.getWSCredentialFromSubject(subject);
            ((WSCredentialImpl) wSCredential).markServerCred();
        }
        this.serverTokenCred = wSCredential;
        this.serverSubject = subject;
        getThreadContext().setServerSubject(subject);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setServerSubject");
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Subject pushInvocationSubject(Subject subject) throws WSSecurityException {
        if (!isCellSecurityEnabled()) {
            return null;
        }
        try {
            Subject invocationSubject = getInvocationSubject();
            setInvocationSubject(subject);
            return invocationSubject;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.zOSContextManagerImpl.pushInvocationSubject", "2706", this);
            throw new WSSecurityException(e.getMessage(), e);
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public void popInvocationSubject(Subject subject) throws WSSecurityException {
        if (isCellSecurityEnabled()) {
            try {
                setInvocationSubject(subject);
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.auth.zOSContextManagerImpl.popInvocationSubject", "2724", this);
                throw new WSSecurityException(e.getMessage(), e);
            }
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Subject pushReceivedSubject(Subject subject) throws WSSecurityException {
        if (!isCellSecurityEnabled()) {
            return null;
        }
        try {
            Subject callerSubject = getCallerSubject();
            setCallerSubject(subject);
            return callerSubject;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.zOSContextManagerImpl.pushReceivedSubject", "2742", this);
            throw new WSSecurityException(e.getMessage(), e);
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public void popReceivedSubject(Subject subject) throws WSSecurityException {
        if (isCellSecurityEnabled()) {
            try {
                setCallerSubject(subject);
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.auth.zOSContextManagerImpl.popReceivedSubject", "2760", this);
                throw new WSSecurityException(e.getMessage(), e);
            }
        }
    }

    @Override // com.ibm.ws.security.core.ContextManagerPlatformInterface
    public void setThreadLocalApplicationSyncEnabled(boolean z) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("setApplicationSync setting flag to ").append(z).toString());
        }
        getThreadContext().setApplicationSyncToOSThreadEnabled(z);
    }

    @Override // com.ibm.ws.security.core.ContextManagerPlatformInterface
    public boolean isThreadLocalApplicationSyncEnabled() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getting Application Sync flag");
        }
        if (processIsServer()) {
            return getThreadContext().isApplicationSyncToOSThreadEnabled();
        }
        return false;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public void clearRootException() {
        setRootException(null);
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public void setRootException(Throwable th) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setRootException", th);
        }
        getThreadContext().set_root_exception(th);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setRootException");
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Throwable getRootException() {
        return getThreadContext().get_root_exception();
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Subject getCallerSubject() throws WSSecurityException {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "entering getCallerSubject");
        }
        if (true == processIsServer() && null == getRegistryObject()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "still in bootstrap mode, getCallerSubject returning null");
            }
            return null;
        }
        Subject callerSubject = getThreadContext().getCallerSubject();
        if (tc.isDebugEnabled()) {
            if (null == callerSubject) {
                Tr.debug(tc, "getCallerSubject returning NULL");
            } else {
                Tr.debug(tc, new StringBuffer().append("getCallerSubject returning ").append(callerSubject.toString()).toString());
            }
        }
        return callerSubject;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public void setCallerSubject(Subject subject) throws WSSecurityException {
        if (tc.isDebugEnabled()) {
            if (null == subject) {
                Tr.debug(tc, "setCallerSubject setting NULL value");
            } else {
                Tr.debug(tc, new StringBuffer().append("setCallerSubject setting ").append(subject.toString()).toString());
            }
        }
        getThreadContext().setCallerSubject(subject);
        setFirstAuthUser(subject);
    }

    @Override // com.ibm.ws.security.core.ContextManagerPlatformInterface
    public String getFirstAuthUser() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getFirstAuthUser");
        }
        String firstAuthUser = getThreadContext().getFirstAuthUser();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getFirstAuthUser", firstAuthUser);
        }
        return firstAuthUser;
    }

    @Override // com.ibm.ws.security.core.ContextManagerPlatformInterface
    public void setFirstAuthUser(Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setFirstAuthUser", subject);
        }
        StateofSecurity threadContext = getThreadContext();
        if (subject != null && !threadContext.getAuthFlag()) {
            if (!SubjectHelper.getWSCredentialFromSubject(subject).isUnauthenticated() && !isServerSubject(subject)) {
                threadContext.setAuthFlag(true);
            }
            PlatformCredential platformCredFromSubject = getPlatformCredFromSubject(subject);
            String str = null;
            if (platformCredFromSubject != null) {
                str = platformCredFromSubject.getUserId();
            }
            threadContext.setFirstAuthUser(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setFirstAuthUser");
        }
    }

    public PlatformCredential getPlatformCredFromSubject(Subject subject) {
        Class cls;
        Class cls2;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPlatformCredFromSubject", subject);
        }
        PlatformCredential platformCredential = null;
        if (subject != null) {
            if (class$com$ibm$ws$security$auth$PlatformCredential == null) {
                cls = class$("com.ibm.ws.security.auth.PlatformCredential");
                class$com$ibm$ws$security$auth$PlatformCredential = cls;
            } else {
                cls = class$com$ibm$ws$security$auth$PlatformCredential;
            }
            Iterator it = subject.getPrivateCredentials(cls).iterator();
            if (it.hasNext()) {
                platformCredential = (PlatformCredential) it.next();
            }
            if (platformCredential == null) {
                WSCredential wSCredential = null;
                if (class$com$ibm$websphere$security$cred$WSCredential == null) {
                    cls2 = class$("com.ibm.websphere.security.cred.WSCredential");
                    class$com$ibm$websphere$security$cred$WSCredential = cls2;
                } else {
                    cls2 = class$com$ibm$websphere$security$cred$WSCredential;
                }
                Iterator it2 = subject.getPublicCredentials(cls2).iterator();
                if (it2.hasNext()) {
                    wSCredential = (WSCredential) it2.next();
                }
                if (wSCredential != null) {
                    try {
                        platformCredential = (PlatformCredential) AccessController.doPrivileged(new PrivilegedExceptionAction(this, wSCredential) { // from class: com.ibm.ws.security.auth.zOSContextManagerImpl.10
                            private final WSCredential val$wsc;
                            private final zOSContextManagerImpl this$0;

                            {
                                this.this$0 = this;
                                this.val$wsc = wSCredential;
                            }

                            @Override // java.security.PrivilegedExceptionAction
                            public Object run() throws Exception {
                                return this.val$wsc.get(SecurityConfig.PLATFORM_CREDENTIAL);
                            }
                        });
                    } catch (PrivilegedActionException e) {
                        Exception exception = e.getException();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Unable to get PlatformCredential", exception);
                        }
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPlatformCredFromSubject", platformCredential);
        }
        return platformCredential;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public boolean callerSubjectIsServerIdentity() {
        if (this.serverUniqueIdentity == null) {
            try {
                this.serverUniqueIdentity = SubjectHelper.getWSCredentialFromSubject(getServerSubject()).getRealmUniqueSecurityName();
            } catch (WSSecurityException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.auth.distContextManagerImpl.callerSubjectIsServerIdentity", "2996", this);
                if (!tc.isDebugEnabled()) {
                    return false;
                }
                Tr.debug(tc, "getServerSubject() failed; callerSubjectIsServerIdentity returning false", e);
                return false;
            } catch (CredentialExpiredException e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.auth.distContextManagerImpl.callerSubjectIsServerIdentity", "3001", this);
                if (!tc.isDebugEnabled()) {
                    return false;
                }
                Tr.debug(tc, "getRealmUniqueSecurityName() on server credential failed; callerSubjectIsServerIdentity returning false", e2);
                return false;
            }
        }
        try {
            WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(getCallerSubject());
            if (wSCredentialFromSubject == null) {
                return false;
            }
            if (wSCredentialFromSubject.isCurrent() && !wSCredentialFromSubject.isUnauthenticated()) {
                try {
                    String realmUniqueSecurityName = wSCredentialFromSubject.getRealmUniqueSecurityName();
                    if (realmUniqueSecurityName != null && realmUniqueSecurityName.equals(this.serverUniqueIdentity)) {
                        if (!tc.isDebugEnabled()) {
                            return true;
                        }
                        Tr.debug(tc, "callerSubjectIsServerIdentity returning true");
                        return true;
                    }
                } catch (Exception e3) {
                    FFDCFilter.processException(e3, "com.ibm.ws.security.auth.distContextManagerImpl.callerSubjectIsServerIdentity", "3029", this);
                    if (!tc.isDebugEnabled()) {
                        return false;
                    }
                    Tr.debug(tc, "getRealmUniqueSecurityName() failed; callerSubjectIsServerIdentity returning false", e3);
                    return false;
                }
            }
            if (!tc.isDebugEnabled()) {
                return false;
            }
            Tr.debug(tc, "callerSubjectIsServerIdentity returning false");
            return false;
        } catch (WSSecurityException e4) {
            FFDCFilter.processException(e4, "com.ibm.ws.security.auth.distContextManagerImpl.callerSubjectIsServerIdentity", "3011", this);
            if (!tc.isDebugEnabled()) {
                return false;
            }
            Tr.debug(tc, "getCallerSubject() failed; callerSubjectIsServerIdentity returning false", e4);
            return false;
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Subject getInvocationSubject() throws WSSecurityException {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "entering getInvocationSubject");
        }
        if (true == processIsServer() && null == getRegistryObject()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "still in bootstrap mode, getInvocationSubject returning null");
            }
            return null;
        }
        Subject invocationSubject = getThreadContext().getInvocationSubject();
        if (tc.isDebugEnabled()) {
            if (null == invocationSubject) {
                Tr.debug(tc, "getInvocationSubject returning NULL");
            } else {
                Tr.debug(tc, new StringBuffer().append("getInvocationSubject returning ").append(invocationSubject.toString()).toString());
            }
        }
        return invocationSubject;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public void setInvocationSubject(Subject subject) throws WSSecurityException {
        if (tc.isDebugEnabled()) {
            if (null == subject) {
                Tr.debug(tc, "setInvocationSubject setting NULL value");
            } else {
                Tr.debug(tc, new StringBuffer().append("setInvocationSubject setting ").append(subject.toString()).toString());
            }
        }
        getThreadContext().setInvocationSubject(subject);
        setFirstAuthUser(subject);
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public void addWSSubjectToCache(Subject subject) throws WSSecurityException {
        if (subject != null && processIsServer() && isWSSubject(subject)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Adding WSSubject to cache.");
            }
            getCache().insert(subject);
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Subject getOwnSubject() throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getOwnSubject");
        }
        StateofSecurity threadContext = getThreadContext();
        Subject ownSubject = threadContext.getOwnSubject();
        if (ownSubject == null) {
            String realm = getRealm();
            String loginUserID = CSIClientProperties.getLoginUserID();
            String loginPassword = CSIClientProperties.getLoginPassword();
            if (loginUserID != null && loginUserID.length() > 0) {
                ownSubject = SubjectHelper.createSubjectFromWSCredential(createBasicAuthCredential(realm, loginUserID, loginPassword));
                threadContext.setOwnSubject(ownSubject);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getOwnSubject", ownSubject);
        }
        return ownSubject;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public void setOwnSubject(Subject subject) throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setOwnSubject", subject);
        }
        getThreadContext().setOwnSubject(subject);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setOwnSubject");
        }
    }

    private void checkAuthRetryForThread() {
        Boolean bool = (Boolean) get("wssecurity.disableauthretry");
        if (bool == null || !bool.booleanValue()) {
            return;
        }
        getThreadContext().set_authretry_for_jaas(false);
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Object get(String str) {
        if (isCellSecurityEnabled()) {
            return getThreadContext().get_property(str);
        }
        return null;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Object put(String str, Object obj) {
        if (isCellSecurityEnabled()) {
            return getThreadContext().set_property(str, obj);
        }
        return null;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public boolean contains(String str) {
        if (isCellSecurityEnabled()) {
            return getThreadContext().contains_property(str);
        }
        return false;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Object runAsSystem(PrivilegedExceptionAction privilegedExceptionAction) throws PrivilegedActionException {
        return runAs(null, privilegedExceptionAction, "System");
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Object runAsReceivedClient(PrivilegedExceptionAction privilegedExceptionAction) throws PrivilegedActionException {
        return runAs(null, privilegedExceptionAction, "ReceivedClient");
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Object runAsClient(PrivilegedExceptionAction privilegedExceptionAction) throws PrivilegedActionException {
        return runAs(null, privilegedExceptionAction, com.ibm.ws.webservices.engine.Constants.FAULT_CLIENT);
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Object runAsSpecified(Subject subject, PrivilegedExceptionAction privilegedExceptionAction) throws PrivilegedActionException {
        return runAs(subject, privilegedExceptionAction, "Specified");
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public Object runAsSpecified(WSCredential wSCredential, PrivilegedExceptionAction privilegedExceptionAction) throws PrivilegedActionException {
        return runAs(SubjectHelper.createSubjectFromWSCredential(wSCredential), privilegedExceptionAction, "Specified");
    }

    /* JADX WARN: Removed duplicated region for block: B:109:0x012c  */
    /* JADX WARN: Removed duplicated region for block: B:71:0x01c8  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.lang.Object runAs(javax.security.auth.Subject r8, java.security.PrivilegedExceptionAction r9, java.lang.String r10) throws java.security.PrivilegedActionException {
        /*
            Method dump skipped, instructions count: 649
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.auth.zOSContextManagerImpl.runAs(javax.security.auth.Subject, java.security.PrivilegedExceptionAction, java.lang.String):java.lang.Object");
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public WSPrincipal createPrincipal(WSCredential wSCredential) throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createPrincipal", wSCredential);
        }
        WSPrincipal createPrincipal = SubjectHelper.createPrincipal(wSCredential);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createPrincipal", createPrincipal);
        }
        return createPrincipal;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public void initializeSystemContext() throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeSystemContext");
        }
        try {
            if (!StreamHandlerUtils.queryProvider("safkeyring")) {
                StreamHandlerUtils.addProvider("safkeyring", "com.ibm.crypto.provider.safkeyring.Handler");
            }
        } catch (Throwable th) {
        }
        StateofSecurity stateofSecurity = new StateofSecurity();
        if (serverRegion || controllerRegion) {
            try {
                AccessController.doPrivileged(new PrivilegedExceptionAction(this, stateofSecurity) { // from class: com.ibm.ws.security.auth.zOSContextManagerImpl.11
                    private final StateofSecurity val$threadContext;
                    private final zOSContextManagerImpl this$0;

                    {
                        this.this$0 = this;
                        this.val$threadContext = stateofSecurity;
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        PlatformCredential createServerCredential = PlatformCredentialManager.instance().createServerCredential();
                        this.val$threadContext.setServerPlatformCred(createServerCredential);
                        this.val$threadContext.setOSThreadPlatformCred(createServerCredential);
                        return null;
                    }
                });
            } catch (PrivilegedActionException e) {
                FFDCFilter.processException(e.getException(), "com.ibm.ws.security.auth.zOSContextManagerImpl.initializeSystemContext", "3448", this);
                setRootException(e.getException());
                throw new WSSecurityException(e.getException().getMessage(), e.getException());
            }
        }
        threadLocStorage.set(stateofSecurity);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeSystemContext");
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public void initializeCallerContext(Subject subject) throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeCallerContext", subject);
        }
        StateofSecurity threadContext = getThreadContext();
        threadContext.setCallerSubject(subject);
        threadContext.setInvocationSubject(null);
        threadContext.setFirstAuthUser(null);
        threadContext.setAuthFlag(false);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeCallerContext");
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public void clearCallerContext() throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "clearCallerContext");
        }
        StateofSecurity threadContext = getThreadContext();
        threadContext.setCallerSubject(null);
        threadContext.setInvocationSubject(null);
        threadContext.clearPropagationToken();
        threadContext.setFirstAuthUser(null);
        threadContext.setAuthFlag(false);
        PlatformCredential platformCredential = (PlatformCredential) threadContext.getServerPlatformCred();
        PlatformCredential platformCredential2 = (PlatformCredential) threadContext.getOSThreadPlatformCred();
        if (serverRegion && platformCredential != null && !platformCredential2.equals(platformCredential)) {
            Tr.error(tc, "security.zOS.ContextManager.CallerContext.error");
            try {
                getLocalOSExtension().restoreLocalOSThreadID(platformCredential);
            } catch (Exception e) {
                Tr.error(tc, "security.zOSContextManagerImpl.clearCallerContext.failure.error");
                throw new IllegalStateException("Unexpected exception calling restoreLocalOSThreadID");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "clearCallerContext");
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public boolean isCellSecurityEnabled() {
        boolean z = false;
        if (processIsServer()) {
            Boolean bool = (Boolean) SecurityConfig.getConfig().getValue("cell.security.enabled");
            if (bool != null) {
                z = bool.booleanValue();
            }
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Checking security enabled for a client process..");
            }
            this.csiClientProps = getClientProperties();
            String clean = CSIUtil.clean(this.csiClientProps.getProperty("com.ibm.CORBA.securityEnabled"));
            if (null != clean && clean.equalsIgnoreCase("true")) {
                z = true;
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("CELL_SECURITY_ENABLED = ").append(z).toString());
        }
        return z;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public boolean isServerSecurityEnabled() {
        boolean z = false;
        if (processIsServer()) {
            z = ((Boolean) this.secConfig.getValue("server.security.enabled")).booleanValue();
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Checking security enabled for a client process..");
            }
            this.csiClientProps = getClientProperties();
            String property = this.csiClientProps.getProperty("com.ibm.CORBA.securityEnabled");
            if (null != property && property.equals("true")) {
                z = true;
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("SERVER_SECURITY_ENABLED = ").append(z).toString());
        }
        return z;
    }

    @Override // com.ibm.ws.security.core.ContextManagerPlatformInterface, com.ibm.ws.security.core.ContextManager
    public String getClientUniqueIDForOutboundRequests(Subject subject) {
        try {
            WSCredentialTokenMapperInterface wSCredTokenMapper = getWSCredTokenMapper();
            if (wSCredTokenMapper == null || subject == null) {
                return null;
            }
            return wSCredTokenMapper.createUniqueIDFromAllTokens(subject);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.zOSContextManagerImpl.getClientUniqueIDForOutboundRequests", "3617");
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Caught exception.", new Object[]{e});
            return null;
        }
    }

    @Override // com.ibm.ws.security.core.ContextManagerPlatformInterface
    public byte[] getClientUniqueIDArrayForOutboundRequests(Subject subject) {
        byte[] bytes;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getClientUniqueIDArrayForOutboundRequests", subject);
        }
        try {
            WSCredentialTokenMapperInterface wSCredTokenMapper = getWSCredTokenMapper();
            if (wSCredTokenMapper == null || subject == null) {
                if (!tc.isEntryEnabled()) {
                    return null;
                }
                Tr.exit(tc, "getClientUniqueIDArrayForOutboundRequests", null);
                return null;
            }
            String createUniqueIDFromAllTokens = wSCredTokenMapper.createUniqueIDFromAllTokens(subject);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("createUniqueIDfromAllTokens returned ").append(createUniqueIDFromAllTokens).toString());
            }
            if (createUniqueIDFromAllTokens == null) {
                bytes = SubjectHelper.getWSCredentialFromSubject(subject).getCredentialToken();
                if (bytes == null) {
                    bytes = LTPAServerObject.getLTPAServer().createLTPAToken(SubjectHelper.getWSCredentialFromSubject(subject)).getCredentialToken();
                }
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "converting id returned to byte array");
                }
                bytes = createUniqueIDFromAllTokens.getBytes();
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getClientUniqueIDArrayForOutboundRequests", bytes);
            }
            return bytes;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.zOSContextManagerImpl.getClientUniqueIDForOutboundRequests", "3659");
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Caught exception.", new Object[]{e});
            Tr.exit(tc, "getClientUniqueIDArrayForOutboundRequests", null);
            return null;
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public boolean getServerSecurityEnabled() {
        return this.serverSecurityEnabled;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public void setServerSecurityEnabled(boolean z) {
        this.serverSecurityEnabled = z;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public void setPlatformHelper(PlatformHelper platformHelper) {
        PlatformHelperFactory.setPlatformHelper(platformHelper);
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public PlatformHelper getPlatformHelper() {
        return PlatformHelperFactory.getPlatformHelper();
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public long getReqTimeout() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getReqTimeout");
        }
        if (minCushion == -1) {
            if (theORB == null) {
                theORB = CORBAUtil.getORB();
            }
            String property = theORB.getProperty("was.wlmTimeout");
            if (property == null || property == "0") {
                minCushion = getCache().getCushion();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("minCushion = getCache().getCushion() = ").append(minCushion).append("ms").toString());
                }
            } else {
                minCushion = Long.parseLong(property) * 1000;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("minCushion = was.wlmTimeout*1000 = ").append(minCushion).append("ms").toString());
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("was.wlmTimeout = ").append(property).append("sec").toString());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("Exiting getReqTimout(). Returning minCushion=").append(minCushion).append("ms").toString());
        }
        return minCushion;
    }

    public String getRegionId() {
        return this.regionUserid;
    }

    @Override // com.ibm.ws.security.core.ContextManagerPlatformInterface
    public String getDefaultSAFRealm() {
        return this.DefaultSAFRealm;
    }

    private String dump(Throwable th) {
        StringWriter stringWriter = new StringWriter();
        th.printStackTrace(new PrintWriter(stringWriter));
        return stringWriter.toString();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SecurityServerImpl getSecurityServer() throws AuthenticationFailedException {
        if (this.securityServer == null) {
            try {
                this.securityServer = new SecurityServerImpl();
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.auth.zOSContextManagerImpl.getSecurityServer", "3776");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "", e);
                }
                this.securityServer = null;
                throw new AuthenticationFailedException(e.getMessage());
            }
        }
        return this.securityServer;
    }

    private JaasLoginHelper getJaasLoginHelper() throws WSSecurityException {
        if (this.jaasLoginHelper == null) {
            try {
                this.jaasLoginHelper = new JaasLoginHelper((String) this.secConfig.getValue("com.ibm.ws.security.defaultLoginConfig"));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("JaasLoginHelper() setting default login config to").append(this.secConfig.getValue("com.ibm.ws.security.defaultLoginConfig")).toString());
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.auth.ContextManager.getJaasLoginHelper", "3800");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "", e);
                }
                this.jaasLoginHelper = null;
                throw new WSSecurityException(e.getMessage(), e);
            }
        }
        return this.jaasLoginHelper;
    }

    private Class getAuthCacheClass() {
        Class cls;
        if (this._authCacheClass == null) {
            try {
                ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
                this._authCacheClass = contextClassLoader != null ? contextClassLoader.loadClass(FACTORY_CLASS) : Class.forName(FACTORY_CLASS);
            } catch (Exception e) {
                if (class$com$ibm$ws$security$auth$zOSContextManagerImpl == null) {
                    cls = class$("com.ibm.ws.security.auth.zOSContextManagerImpl");
                    class$com$ibm$ws$security$auth$zOSContextManagerImpl = cls;
                } else {
                    cls = class$com$ibm$ws$security$auth$zOSContextManagerImpl;
                }
                FFDCFilter.processException(e, cls.getName(), "3839");
                throw new UndeclaredThrowableException(e);
            }
        }
        return this._authCacheClass;
    }

    private Method getAuthCacheGetInstanceMethod() {
        Class authCacheClass;
        Class cls;
        if (this._authCacheGetInstanceMethod == null && (authCacheClass = getAuthCacheClass()) != null) {
            try {
                this._authCacheGetInstanceMethod = authCacheClass.getMethod("getInstance", null);
            } catch (Exception e) {
                if (class$com$ibm$ws$security$auth$zOSContextManagerImpl == null) {
                    cls = class$("com.ibm.ws.security.auth.zOSContextManagerImpl");
                    class$com$ibm$ws$security$auth$zOSContextManagerImpl = cls;
                } else {
                    cls = class$com$ibm$ws$security$auth$zOSContextManagerImpl;
                }
                FFDCFilter.processException(e, cls.getName(), "3860");
                throw new UndeclaredThrowableException(e);
            }
        }
        return this._authCacheGetInstanceMethod;
    }

    private Class getSecurityServerImplClass() {
        Class cls;
        if (this._securityServerImplClass == null) {
            try {
                ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
                this._securityServerImplClass = contextClassLoader != null ? contextClassLoader.loadClass(SECURITY_SERVER_IMPL_CLASS) : Class.forName(SECURITY_SERVER_IMPL_CLASS);
            } catch (Exception e) {
                if (class$com$ibm$ws$security$auth$zOSContextManagerImpl == null) {
                    cls = class$("com.ibm.ws.security.auth.zOSContextManagerImpl");
                    class$com$ibm$ws$security$auth$zOSContextManagerImpl = cls;
                } else {
                    cls = class$com$ibm$ws$security$auth$zOSContextManagerImpl;
                }
                FFDCFilter.processException(e, cls.getName(), "3892");
                throw new UndeclaredThrowableException(e);
            }
        }
        return this._securityServerImplClass;
    }

    private Method getRegistryMethod() {
        Class securityServerImplClass;
        Class cls;
        Class<?> cls2;
        if (this._getRegistryMethod == null && (securityServerImplClass = getSecurityServerImplClass()) != null) {
            try {
                Class<?>[] clsArr = new Class[1];
                if (class$java$lang$String == null) {
                    cls2 = class$("java.lang.String");
                    class$java$lang$String = cls2;
                } else {
                    cls2 = class$java$lang$String;
                }
                clsArr[0] = cls2;
                this._getRegistryMethod = securityServerImplClass.getMethod("getRegistryImpl", clsArr);
            } catch (Exception e) {
                if (class$com$ibm$ws$security$auth$zOSContextManagerImpl == null) {
                    cls = class$("com.ibm.ws.security.auth.zOSContextManagerImpl");
                    class$com$ibm$ws$security$auth$zOSContextManagerImpl = cls;
                } else {
                    cls = class$com$ibm$ws$security$auth$zOSContextManagerImpl;
                }
                FFDCFilter.processException(e, cls.getName(), "3913");
                throw new UndeclaredThrowableException(e);
            }
        }
        return this._getRegistryMethod;
    }

    private Class getSecurityServerFactoryClass() {
        Class cls;
        if (this._securityServerFactoryClass == null) {
            try {
                ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
                this._securityServerFactoryClass = contextClassLoader != null ? contextClassLoader.loadClass(SECURITY_SERVER_FACTORY_CLASS) : Class.forName(SECURITY_SERVER_FACTORY_CLASS);
            } catch (Exception e) {
                if (class$com$ibm$ws$security$auth$zOSContextManagerImpl == null) {
                    cls = class$("com.ibm.ws.security.auth.zOSContextManagerImpl");
                    class$com$ibm$ws$security$auth$zOSContextManagerImpl = cls;
                } else {
                    cls = class$com$ibm$ws$security$auth$zOSContextManagerImpl;
                }
                FFDCFilter.processException(e, cls.getName(), "3944");
                throw new UndeclaredThrowableException(e);
            }
        }
        return this._securityServerFactoryClass;
    }

    private Method getSecurityServerCreateMethod() {
        Class securityServerFactoryClass;
        Class cls;
        if (this._getSecurityServerCreateMethod == null && (securityServerFactoryClass = getSecurityServerFactoryClass()) != null) {
            try {
                this._getSecurityServerCreateMethod = securityServerFactoryClass.getMethod("create", null);
            } catch (Exception e) {
                if (class$com$ibm$ws$security$auth$zOSContextManagerImpl == null) {
                    cls = class$("com.ibm.ws.security.auth.zOSContextManagerImpl");
                    class$com$ibm$ws$security$auth$zOSContextManagerImpl = cls;
                } else {
                    cls = class$com$ibm$ws$security$auth$zOSContextManagerImpl;
                }
                FFDCFilter.processException(e, cls.getName(), "3965");
                throw new UndeclaredThrowableException(e);
            }
        }
        return this._getSecurityServerCreateMethod;
    }

    private Object getRegistryObject() {
        Method registryMethod;
        if (this._registryObject == null && (registryMethod = getRegistryMethod()) != null) {
            try {
                this._registryObject = registryMethod.invoke(null, getDefaultRealm());
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.auth.zOSContextManagerImpl.getRegistryObject", "3989");
                if (!tc.isDebugEnabled()) {
                    return null;
                }
                Tr.debug(tc, "Exception getting registry instance during bootstrap check.", e);
                return null;
            }
        }
        if (this._registryObject == null && tc.isDebugEnabled()) {
            Tr.debug(tc, "Returning null registryObject, still in BOOTSTRAP mode.");
        }
        return this._registryObject;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public WSCredentialTokenMapperInterface getWSCredTokenMapper() throws WSSecurityException {
        if (this.wsCredTokenMapper == null) {
            try {
                Object newInstance = Class.forName("com.ibm.ws.security.token.WSCredentialTokenMapper").newInstance();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Got instance of WSCredTokenMapper.");
                }
                this.wsCredTokenMapper = (WSCredentialTokenMapperInterface) newInstance;
            } catch (Throwable th) {
                FFDCFilter.processException(th, "com.ibm.ws.security.core.UserMappingImpl.mapCertificateToName", "4018", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The following exception occurred in UserMappingImpl when loading the custom implementation: ", new Object[]{th});
                }
                throw new WSSecurityException(th.getMessage(), th);
            }
        }
        return this.wsCredTokenMapper;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public WSCredential createBasicAuthCredential(String str, String str2, String str3) {
        if (tc.isEntryEnabled()) {
            TraceComponent traceComponent = tc;
            Object[] objArr = new Object[3];
            objArr[0] = str;
            objArr[1] = str2;
            objArr[2] = str3 == null ? null : "****";
            Tr.entry(traceComponent, "createBasicAuthCredential", objArr);
        }
        WSCredentialImpl wSCredentialImpl = new WSCredentialImpl(str, str2, str3);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createBasicAuthCredential", wSCredentialImpl);
        }
        return wSCredentialImpl;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public WSCredential authenticate(WSCredential wSCredential) throws AuthenticationFailedException {
        if (wSCredential == null) {
            Tr.debug(tc, "Credential passed in is null.");
            return null;
        }
        try {
            return SubjectHelper.getWSCredentialFromSubject(login(wSCredential));
        } catch (WSLoginFailedException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.zOSContextManagerImpl.authenticate", "4064", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("authenticate failed: ").append(dump(e)).toString());
            }
            AuthenticationFailedException authenticationFailedException = new AuthenticationFailedException(e.getMessage());
            authenticationFailedException.addException(e);
            throw authenticationFailedException;
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.auth.zOSContextManagerImpl.authenticate", "4075", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("authenticate failed: ").append(dump(e2)).toString());
            }
            AuthenticationFailedException authenticationFailedException2 = new AuthenticationFailedException(e2.getMessage());
            authenticationFailedException2.addException(e2);
            throw authenticationFailedException2;
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public WSCredential authenticate(String str, String str2, String str3) throws AuthenticationFailedException {
        try {
            return SubjectHelper.getWSCredentialFromSubject(login(str, str2, str3));
        } catch (WSLoginFailedException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.zOSContextManagerImpl.authenticate", "4096", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("authenticate failed: ").append(dump(e)).toString());
            }
            AuthenticationFailedException authenticationFailedException = new AuthenticationFailedException(e.getMessage());
            authenticationFailedException.addException(e);
            throw authenticationFailedException;
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.auth.zOSContextManagerImpl.authenticate", "4107", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("authenticate failed: ").append(dump(e2)).toString());
            }
            AuthenticationFailedException authenticationFailedException2 = new AuthenticationFailedException(e2.getMessage());
            authenticationFailedException2.addException(e2);
            throw authenticationFailedException2;
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public WSCredential authenticate(String str, byte[] bArr) throws AuthenticationFailedException {
        try {
            return SubjectHelper.getWSCredentialFromSubject(login(str, bArr));
        } catch (LoginException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.zOSContextManagerImpl.authenticate", "4127", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("authenticate failed: ").append(dump(e)).toString());
            }
            AuthenticationFailedException authenticationFailedException = new AuthenticationFailedException(e.getMessage());
            authenticationFailedException.addException(e);
            throw authenticationFailedException;
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.auth.zOSContextManagerImpl.authenticate", "4138", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("authenticate failed: ").append(dump(e2)).toString());
            }
            AuthenticationFailedException authenticationFailedException2 = new AuthenticationFailedException(e2.getMessage());
            authenticationFailedException2.addException(e2);
            throw authenticationFailedException2;
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public synchronized void initializeCallerContext(WSCredential[] wSCredentialArr) throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeCallerContext", wSCredentialArr);
        }
        initializeCallerContext(SubjectHelper.createSubjectFromWSCredential(wSCredentialArr[0]));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeCallerContext");
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public WSCredential pushInvocationCredential(WSCredential wSCredential) throws WSSecurityException {
        if (!isCellSecurityEnabled()) {
            return null;
        }
        try {
            WSCredential invocationCredential = getInvocationCredential();
            setInvocationCredential(wSCredential);
            return invocationCredential;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.ContextManagerImpl.pushInvocationCredential", "4170", this);
            throw new WSSecurityException(e.getMessage(), e);
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public void popInvocationCredential(WSCredential wSCredential) throws WSSecurityException {
        if (isCellSecurityEnabled()) {
            try {
                setInvocationCredential(wSCredential);
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.core.ContextManagerImpl.popInvocationCredential", "4187", this);
                throw new WSSecurityException(e.getMessage(), e);
            }
        }
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public WSCredential[] getCallerCredentials() throws WSSecurityException {
        Subject callerSubject = getCallerSubject();
        WSCredential[] wSCredentialArr = new WSCredential[1];
        if (callerSubject != null) {
            wSCredentialArr[0] = SubjectHelper.getWSCredentialFromSubject(callerSubject);
        }
        if (tc.isDebugEnabled()) {
            if (null == wSCredentialArr[0]) {
                Tr.debug(tc, "getCallerCredentials returning NULL");
            } else {
                Tr.debug(tc, new StringBuffer().append("getCallerCredentials returning :").append(wSCredentialArr[0].toString()).toString());
            }
        }
        return wSCredentialArr;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public void setCallerCredentials(WSCredential[] wSCredentialArr) throws WSSecurityException {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("DEPRECATED setCallerCredentials called ").append(wSCredentialArr).toString());
        }
        Subject subject = null;
        if (null != wSCredentialArr[0]) {
            subject = SubjectHelper.createSubjectFromWSCredential(wSCredentialArr[0]);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("Setting caller Subject to ").append(subject).toString());
        }
        setCallerSubject(subject);
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public WSCredential getInvocationCredential() throws WSSecurityException {
        WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(getInvocationSubject());
        if (tc.isDebugEnabled()) {
            if (null == wSCredentialFromSubject) {
                Tr.debug(tc, "getInvocationCredentials returning NULL");
            } else {
                Tr.debug(tc, new StringBuffer().append("getInvocationCredentials returning :").append(wSCredentialFromSubject.toString()).toString());
            }
        }
        return wSCredentialFromSubject;
    }

    @Override // com.ibm.ws.security.core.ContextManager
    public void setInvocationCredential(WSCredential wSCredential) throws WSSecurityException {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("DEPRECATED setInvocationCredential called ").append(wSCredential).toString());
        }
        Subject subject = null;
        if (null != wSCredential) {
            subject = SubjectHelper.createSubjectFromWSCredential(wSCredential);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("Setting invocation Subject to ").append(subject).toString());
        }
        setInvocationSubject(subject);
    }

    public void setServerCredential(WSCredential wSCredential) throws WSSecurityException {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("DEPRECATED setServerCredential ").append(new Object[]{wSCredential}).toString());
        }
        Subject subject = null;
        if (null != wSCredential) {
            ((WSCredentialImpl) wSCredential).markServerCred();
            subject = SubjectHelper.createSubjectFromWSCredential(wSCredential);
        }
        setServerSubject(subject);
    }

    private Object getDistributedObject(Object obj) {
        try {
            return getWSCredTokenMapper().getDistributedObject(obj);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.ContextManager.getDistributedObject", "4283");
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Error getting distributed object.", new Object[]{e});
            return null;
        }
    }

    private Object putDistributedObject(Object obj, Object obj2, int i) {
        try {
            return getWSCredTokenMapper().putDistributedObject(obj, obj2, i);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.ContextManager.getDistributedObject", "4327");
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Error setting distributed object.", new Object[]{e});
            return null;
        }
    }

    private Object putDistributedObject(Object obj, Object obj2, int i, int i2, int i3, Object[] objArr) {
        try {
            return getWSCredTokenMapper().putDistributedObject(obj, obj2, i, i2, i3, objArr);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.ContextManager.getDistributedObject", "4376");
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Error setting distributed object.", new Object[]{e});
            return null;
        }
    }

    private Properties getClientProperties() {
        if (false == this.gotClientProps) {
            this.csiClientProps = CSIClientProperties.getCSIClientProps();
            this.gotClientProps = true;
        }
        return this.csiClientProps;
    }

    @Override // com.ibm.ws.security.core.ContextManagerPlatformInterface
    public boolean isSyncToThreadEnabled() {
        return enableSyncOSThread;
    }

    public boolean isSynctoThreadEnabled() {
        return enableSyncOSThread;
    }

    @Override // com.ibm.ws.security.core.ContextManagerPlatformInterface
    public boolean isApplicationSyncToOSThreadEnabled() {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isApplicationSyncToSOThreadEnabled", new Boolean(enableAppSyncOSThread));
        }
        return enableAppSyncOSThread;
    }

    public WSLoginLocalOSExtension getLocalOSExtension() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getLocalOSExtension");
        }
        if (false == serverRegion) {
            throw new Exception("Internal error, LocalOSExtension not used in z/OS Controller");
        }
        if (null != this.LoginExtension) {
            return this.LoginExtension;
        }
        this.LoginExtension = WSLoginLocalOSExtensionFactory.getInstance();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getLocalOSExtension", this.LoginExtension);
        }
        return this.LoginExtension;
    }

    @Override // com.ibm.ws.security.core.ContextManagerPlatformInterface
    public Subject getLocalOSServerSubject() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getLocalOSServerSubject");
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                Tr.debug(tc, new StringBuffer().append("Expecting : ").append(GET_LOCALOS_SERVER_CRED_PERM.toString()).toString());
            }
            securityManager.checkPermission(GET_LOCALOS_SERVER_CRED_PERM);
        }
        if (null == this.serverJ2CSubject) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "creating J2CSubject for Server's PlatformCredential");
            }
            try {
                getServerSubject();
                try {
                    this.serverPlatformCredential = (PlatformCredential) AccessController.doPrivileged(new PrivilegedExceptionAction(this, this.serverTokenCred) { // from class: com.ibm.ws.security.auth.zOSContextManagerImpl.12
                        private final WSCredential val$privCred;
                        private final zOSContextManagerImpl this$0;

                        {
                            this.this$0 = this;
                            this.val$privCred = r5;
                        }

                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws CredentialDestroyedException, CredentialExpiredException {
                            return (PlatformCredential) this.val$privCred.get(SecurityConfig.PLATFORM_CREDENTIAL);
                        }
                    });
                } catch (PrivilegedActionException e) {
                    FFDCFilter.processException(e.getException(), "com.ibm.ws.security.zOSContextManagerImpl", "4488", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Unexpected error retrieving servers subject", new Object[]{e.getException()});
                    }
                    this.serverPlatformCredential = null;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "creating J2CSubject for Server's PlatformCredential");
                }
                this.serverJ2CSubject = this.serverPlatformCredential.getJ2CSubject();
            } catch (Exception e2) {
                Tr.event(tc, "Unexpected error retrieving servers subject", e2.toString());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getLocalOSServerSubject", this.serverJ2CSubject);
        }
        return this.serverJ2CSubject;
    }

    public Object getThreadCredential() {
        StateofSecurity threadContext = getThreadContext();
        if (null != threadContext) {
            return (PlatformCredential) threadContext.getOSThreadPlatformCred();
        }
        Tr.audit(tc, "security.zOS.ContextManager.getThreadCredential.audit");
        return null;
    }

    public void setThreadCredential(Object obj) {
        if (tc.isDebugEnabled()) {
            if (null == obj) {
                Tr.debug(tc, "setting thread credential to null");
            } else {
                Tr.debug(tc, new StringBuffer().append("set thread credential to: ").append(obj.toString()).toString());
            }
        }
        StateofSecurity threadContext = getThreadContext();
        if (null != threadContext) {
            threadContext.setOSThreadPlatformCred(obj);
        } else {
            Tr.audit(tc, "security.zOS.ContextManager.setThreadCredential.audit");
        }
    }

    private StateofSecurity getThreadContext() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getThreadContext");
        }
        StateofSecurity stateofSecurity = (StateofSecurity) threadLocStorage.get();
        if (null == stateofSecurity) {
            try {
                initializeSystemContext();
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.auth.zOSContextManagerImpl.initializeSystemContext", "4566");
                Tr.error(tc, "zOSContextManagerImpl.initializeSystemContext", new Object[]{e});
            }
            stateofSecurity = (StateofSecurity) threadLocStorage.get();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getThreadContext", stateofSecurity);
        }
        return stateofSecurity;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v41, types: [com.ibm.websphere.security.cred.WSCredential] */
    public Subject buildLocalOSSubject(Object obj) throws RemoteException {
        WSCredentialImpl wSCredentialImpl;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "buildLocalOSSubject", obj);
        }
        String defaultSAFRealm = getDefaultSAFRealm();
        Boolean bool = (Boolean) this.secConfig.getValue("security.use.localos.userregistry");
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("USE_LOCALOS_USER_REGISTRY = ").append(bool.booleanValue()).toString());
        }
        if (bool == null || !bool.booleanValue()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Calling WSCredImpl with realmName: ").append(defaultSAFRealm).append(" and userId: ").append("WSADMIN").toString());
            }
            wSCredentialImpl = new WSCredentialImpl(defaultSAFRealm, "WSADMIN", "", "", "", new ArrayList(), new ArrayList());
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Calling WSCredHelper.createRegCred with \n realmName: ").append(defaultSAFRealm).append("\n userID: ").append("WSADMIN").toString());
            }
            wSCredentialImpl = WSCredentialsHelper.createRegistryCred(defaultSAFRealm, "WSADMIN");
        }
        try {
            AccessController.doPrivileged(new PrivilegedExceptionAction(this, wSCredentialImpl, PlatformCredentialManager.instance().createCredential("WSADMIN")) { // from class: com.ibm.ws.security.auth.zOSContextManagerImpl.13
                private final WSCredential val$privCred;
                private final PlatformCredential val$privPlatCred;
                private final zOSContextManagerImpl this$0;

                {
                    this.this$0 = this;
                    this.val$privCred = wSCredentialImpl;
                    this.val$privPlatCred = r6;
                }

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws CredentialDestroyedException, CredentialExpiredException {
                    this.val$privCred.set(SecurityConfig.PLATFORM_CREDENTIAL, this.val$privPlatCred);
                    return null;
                }
            });
        } catch (PrivilegedActionException e) {
            FFDCFilter.processException(e.getException(), "com.ibm.ws.security.zOSContextManagerImpl", "4630", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception setting PlatformCredential : ", new Object[]{e.getException()});
            }
        }
        Subject createSubjectFromWSCredential = SubjectHelper.createSubjectFromWSCredential(wSCredentialImpl);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "buildLocalOSSubject", createSubjectFromWSCredential);
        }
        return createSubjectFromWSCredential;
    }

    public static synchronized void registerPackage(String str) {
        ArrayList arrayList = new ArrayList();
        String property = System.getProperty(URL_HANDLER_PROP);
        if (property != null) {
            StringTokenizer stringTokenizer = new StringTokenizer(property, PKGNAME_DELIMITER);
            while (stringTokenizer.hasMoreTokens()) {
                arrayList.add(stringTokenizer.nextToken());
            }
        }
        if (arrayList.contains(str)) {
            return;
        }
        arrayList.add(str);
        StringBuffer stringBuffer = new StringBuffer();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            stringBuffer.append((String) it.next());
            if (it.hasNext()) {
                stringBuffer.append('|');
            }
        }
        System.setProperty(URL_HANDLER_PROP, stringBuffer.toString());
    }

    public String getAllHosts() {
        return new String("");
    }

    public String getAllPorts() {
        return new String("");
    }

    @Override // com.ibm.ws.security.core.ContextManagerPlatformInterface
    public Subject validateCachedSubject(Subject subject, boolean z) {
        Subject subject2 = subject;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, new StringBuffer().append("validateCachedSubject: ").append(subject).toString());
        }
        if (subject2 != null) {
            try {
                WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(subject2);
                if (wSCredentialFromSubject != null) {
                    boolean isDestroyed = wSCredentialFromSubject.isDestroyed();
                    boolean checkCushionValidityOfAllTokens = getWSCredTokenMapper().checkCushionValidityOfAllTokens(subject2, this.cache.getCushion());
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("login(token): isSubjectValid = ").append(checkCushionValidityOfAllTokens).toString());
                    }
                    if (!isDestroyed && checkCushionValidityOfAllTokens) {
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "Validate CachedSubject: isValid ");
                        }
                        return subject2;
                    }
                    getCache().removeEntry(wSCredentialFromSubject.getRealmName(), wSCredentialFromSubject.getSecurityName());
                    subject2 = null;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Credential has expired or is destroyed, logging in again.");
                    }
                } else {
                    subject2 = null;
                }
            } catch (CredentialDestroyedException e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Credential is destroyed.", new Object[]{e});
                }
                subject2 = null;
            } catch (CacheException e2) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Cache error removing subject", new Object[]{e2});
                }
                subject2 = null;
            } catch (WSSecurityException e3) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Error checking validity of tokens", new Object[]{e3});
                }
                subject2 = null;
            } catch (CredentialExpiredException e4) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Credential has expired.", new Object[]{e4});
                }
                subject2 = null;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, new StringBuffer().append("Validate CachedSubject: returns :").append(subject2).toString());
        }
        return subject2;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$com$ibm$ws$security$auth$zOSContextManagerImpl == null) {
            cls = class$("com.ibm.ws.security.auth.zOSContextManagerImpl");
            class$com$ibm$ws$security$auth$zOSContextManagerImpl = cls;
        } else {
            cls = class$com$ibm$ws$security$auth$zOSContextManagerImpl;
        }
        tc = Tr.register(cls, (String) null, "com.ibm.ejs.resources.security");
        threadLocStorage = new WSThreadLocal();
        enableAppSyncOSThread = false;
        serverRegion = false;
        controllerRegion = false;
        unauthenticatedString = null;
        minCushion = -1L;
        theORB = null;
        GET_LOCALOS_SERVER_CRED_PERM = new WebSphereRuntimePermission("ContextManager.getLocalOSServerCredential");
        enableSyncOSThread = false;
        isLocalOS = null;
        ctxMgr = ContextManagerFactory.getInstance();
        MAP_CREDENTIAL = new WebSphereRuntimePermission("mapCredential");
        GET_SERVER_CRED_PERM = new WebSphereRuntimePermission("ContextManager.getServerCredential");
        URL_HANDLER_PROP = "java.protocol.handler.pkgs";
    }
}
