package com.ibm.uddi.security;

import com.ibm.CORBA.iiop.ORB;
import com.ibm.IExtendedSecurity.Current;
import com.ibm.IExtendedSecurity.InvalidAdditionalCriteria;
import com.ibm.IExtendedSecurity.MechanismTypeNotRegistered;
import com.ibm.IExtendedSecurity.RealmNotRegistered;
import com.ibm.IExtendedSecurity.UnknownMapping;
import com.ibm.ejs.oa.EJSORB;
import com.ibm.ras.RASITraceLogger;
import com.ibm.uddi.dom.AccessPointElt;
import com.ibm.uddi.exception.UDDIAuthTokenRequiredException;
import com.ibm.uddi.exception.UDDIException;
import com.ibm.uddi.exception.UDDIFatalErrorException;
import com.ibm.uddi.exception.UDDIUnknownUserException;
import com.ibm.uddi.uuid.UUIDFactory;
import java.io.UnsupportedEncodingException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import org.omg.CORBA.Any;
import org.omg.Security.AttributeType;
import org.omg.Security.CredentialType;
import org.omg.Security.DuplicateAttributeType;
import org.omg.Security.ExtensibleFamily;
import org.omg.Security.InvalidAttributeType;
import org.omg.Security.InvalidCredentialType;
import org.omg.Security.OpaqueHolder;
import org.omg.SecurityLevel2.Credentials;
import org.omg.SecurityLevel2.CredentialsHolder;
import org.omg.SecurityLevel2.InvalidCredential;
import org.omg.SecurityLevel2.LoginFailed;

/* loaded from: input_file:uddiear/uddi.ear:uddisecurity.jar:com/ibm/uddi/security/CSIAuthenticator.class */
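/**
 * {@link Authenticator} that maps UDDI authInfo tokens to user ids, optionally
 * delegating identity to the container's CORBA {@code SecurityCurrent}.
 *
 * <p>Two modes are chosen once, in the constructor:
 * <ul>
 *   <li><b>security on</b> - a non-null {@code SecurityCurrent} was obtained. The user is the
 *       one attached to the invocation credentials; if that user is {@code UNAUTHENTICATED},
 *       the stored userid/password for the supplied token is used to log in again.</li>
 *   <li><b>security off</b> - no {@code SecurityCurrent} was obtained (it was null or the lookup
 *       threw). {@link #login} then issues a token for whatever userid is supplied and never
 *       looks at the password.</li>
 * </ul>
 *
 * <p>Security notes for maintainers (all visible in this class):
 * <ul>
 *   <li>The mode decision fails open: an error while resolving {@code SecurityCurrent} at
 *       construction time leaves the instance in the password-less "security off" mode.</li>
 *   <li>In "security on" mode the clear-text password is kept in {@code authInfoMap} for as
 *       long as the token exists; entries are removed only by {@link #clearAuthInfo}, there is
 *       no expiry here.</li>
 *   <li>authInfo tokens are bearer values and are passed to the trace logger on entry/exit of
 *       several methods.</li>
 * </ul>
 *
 * <p>The map is wrapped with {@link Collections#synchronizedMap}, so individual map operations
 * are synchronized; no other locking is done in this class.
 */
public class CSIAuthenticator implements Authenticator {
    public static final String java_copyright = "Licensed Materials - Property of IBM 5639-D57, 5630-A36, 5630-A37, 5724-D18          (c) COPYRIGHT International Business Machines Corp. 2001, 2002 All Rights Reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    private static final RASITraceLogger traceLogger = SecurityConfig.getTraceLogger();
    // Token returned by login() when the container has already authenticated the caller.
    private static final String WEBSPHERE_AUTHINFO = "placeholderAuthInfoWhenWebSphereSecurityOn";
    // User name this class treats as "no authenticated caller".
    private static final String UNAUTHENTICATED = "UNAUTHENTICATED";
    // Source label used for trace calls made from the constructor.
    private static final String CLASS_NAME = "com.ibm.uddi.security.CSIAuthenticator";

    // authInfo token -> userid (and, in "security on" mode, the clear-text password).
    private final Map<String, UseridPassword> authInfoMap =
            Collections.synchronizedMap(new HashMap<String, UseridPassword>());
    // True when a SecurityCurrent was available at construction time.
    private boolean securityOn;

    /**
     * Creates the authenticator and decides the mode by probing for a {@code SecurityCurrent}.
     *
     * <p>NOTE(review): both a null result and an {@link IllegalStateException} from the probe
     * leave {@code securityOn} false, i.e. the instance silently falls back to the mode in
     * which {@link #login} does not check passwords. Confirm that a lookup failure is really
     * equivalent to "security disabled" in every deployment, or fail construction instead.
     */
    public CSIAuthenticator() {
        traceLogger.entry(4096L, CLASS_NAME, "CSIAuthenticator");
        try {
            if (getSecurityCurrent() != null) {
                traceLogger.trace(8192L, CLASS_NAME, "CSIAuthenticator", "Have got security current, setting WebSphere security on");
                this.securityOn = true;
            } else {
                traceLogger.trace(8192L, CLASS_NAME, "CSIAuthenticator", "Got null security current, assuming WebSphere security off");
            }
        } catch (IllegalStateException e) {
            // Deliberately not rethrown: securityOn stays false (see the NOTE above).
            traceLogger.exception(8192L, CLASS_NAME, "CSIAuthenticator", e);
        }
        traceLogger.exit(4096L, CLASS_NAME, "CSIAuthenticator");
    }

    /**
     * Tells whether an authInfo/userid value counts as "not supplied".
     *
     * <p>The comparison constant is presumably the empty string (the trace text in
     * {@link #authenticate} calls this case "blank"); verify against {@code AccessPointElt}.
     */
    private static boolean isAbsent(String value) {
        return value == null || value.equals(AccessPointElt.TMODELKEY_OTHER);
    }

    /**
     * Resolves the user for a request.
     *
     * @param str the authInfo token from the request, or null/blank when none was sent
     * @return the user id; {@code "UNAUTHENTICATED"} when security is off and no token was sent
     * @throws UDDIAuthTokenRequiredException when a token is needed but missing or unknown
     * @throws UDDIFatalErrorException when the container user cannot be determined
     * @throws UDDIException as thrown by the re-login path
     */
    @Override // com.ibm.uddi.security.Authenticator
    public String authenticate(String str) throws UDDIException {
        // NOTE(review): str is the bearer token; it is handed to the trace logger here.
        // Anyone who can read the trace output can reuse it until clearAuthInfo is called.
        traceLogger.entry(4096L, this, "authenticate", str);
        String user;
        if (this.securityOn) {
            String webSphereUser = getWebSphereUser();
            if (webSphereUser == null) {
                traceLogger.trace(2048L, this, "authenticate", "WebSphere user was null");
                throw new UDDIFatalErrorException();
            }
            if (webSphereUser.equals(UNAUTHENTICATED)) {
                traceLogger.trace(8192L, this, "authenticate", "Found UNAUTHENTICATED");
                if (isAbsent(str)) {
                    traceLogger.trace(2048L, this, "authenticate", "No authInfo supplied");
                    throw new UDDIAuthTokenRequiredException();
                }
                UseridPassword stored = this.authInfoMap.get(str);
                if (stored == null) {
                    traceLogger.trace(2048L, this, "authenticate", "No entry in Map, assuming discard_authToken has been called");
                    throw new UDDIAuthTokenRequiredException();
                }
                String storedUser = stored.userid;
                traceLogger.trace(8192L, this, "authenticate", "user", storedUser);
                // The container does not know the caller on this request, so log in again
                // with the credentials remembered for this token.
                user = relogin(storedUser, stored.password);
            } else {
                user = webSphereUser;
                traceLogger.trace(8192L, this, "authenticate", "Have set current user to " + user);
            }
        } else if (isAbsent(str)) {
            traceLogger.trace(8192L, this, "authenticate", "authInfo is null (EJB or GUI) or blank (SOAP without get_authToken)");
            user = UNAUTHENTICATED;
            traceLogger.trace(8192L, this, "authenticate", "Have set current user to default of UNAUTHENTICATED");
        } else {
            UseridPassword stored = this.authInfoMap.get(str);
            if (stored == null) {
                traceLogger.trace(2048L, this, "authenticate", "No entry in Map");
                throw new UDDIAuthTokenRequiredException();
            }
            user = stored.userid;
        }
        traceLogger.exit(4096L, this, "authenticate", user);
        return user;
    }

    /**
     * Forgets the credentials stored for a token. Null, blank and the WebSphere placeholder
     * token are ignored.
     *
     * @param str the authInfo token to discard
     */
    @Override // com.ibm.uddi.security.Authenticator
    public void clearAuthInfo(String str) {
        // NOTE(review): the token is traced here as well; see authenticate().
        traceLogger.entry(4096L, this, "clearAuthInfo", str);
        if (!isAbsent(str) && !str.equals(WEBSPHERE_AUTHINFO)) {
            this.authInfoMap.remove(str);
        }
        traceLogger.exit(4096L, this, "clearAuthInfo");
    }

    /**
     * Looks up the user for a token without forcing a login.
     *
     * @param str the authInfo token, may be null
     * @return the user id, or null when none can be determined
     * @throws UDDIFatalErrorException when security is on and the container user is null
     * @throws UDDIException as declared by the interface
     */
    @Override // com.ibm.uddi.security.Authenticator
    public String getUser(String str) throws UDDIException {
        String user = null;
        if (this.securityOn) {
            String webSphereUser = getWebSphereUser();
            if (webSphereUser == null) {
                traceLogger.trace(2048L, this, "getUser", "WebSphere user was null");
                throw new UDDIFatalErrorException();
            }
            if (webSphereUser.equals(UNAUTHENTICATED)) {
                traceLogger.trace(8192L, this, "getUser", "Found UNAUTHENTICATED");
                if (!isAbsent(str)) {
                    UseridPassword stored = this.authInfoMap.get(str);
                    if (stored != null) {
                        user = stored.userid;
                    }
                }
            } else {
                user = webSphereUser;
            }
        } else {
            // A null token is looked up as-is; the backing HashMap accepts a null key.
            UseridPassword stored = this.authInfoMap.get(str);
            if (stored != null) {
                user = stored.userid;
            }
        }
        return user;
    }

    /**
     * Issues an authInfo token for a user.
     *
     * <p>Security on: if the container already knows the caller, the placeholder token is
     * returned and nothing is stored. Otherwise the userid/password are checked through
     * {@link #forceLogin}; on success a fresh UUID token is stored together with the resolved
     * user name and the clear-text password (needed later by {@link #relogin}).
     *
     * <p>Security off: a fresh UUID token is stored for {@code str}.
     * NOTE(review): {@code str2} is not examined on this path, so any non-blank userid is
     * accepted without a password check.
     *
     * @param str the userid
     * @param str2 the password
     * @return the token to present on later calls
     * @throws UDDIUnknownUserException when the userid is null/blank or the login is rejected
     * @throws UDDIFatalErrorException when the security context cannot be read
     * @throws UDDIException as declared by the interface
     */
    @Override // com.ibm.uddi.security.Authenticator
    public String login(String str, String str2) throws UDDIException {
        // Only the userid is traced on entry; the password is never passed to the logger here.
        traceLogger.entry(4096L, this, "login", str);
        String token = WEBSPHERE_AUTHINFO;
        if (isAbsent(str)) {
            throw new UDDIUnknownUserException();
        }
        if (this.securityOn) {
            try {
                Current securityCurrent = getSecurityCurrent();
                if (securityCurrent == null) {
                    traceLogger.trace(2048L, this, "login", "Got null security current");
                    throw new UDDIFatalErrorException();
                }
                Credentials credentials = securityCurrent.get_credentials(CredentialType.SecInvocationCredentials);
                if (credentials == null) {
                    traceLogger.trace(2048L, this, "login", "creds == null");
                    throw new UDDIFatalErrorException();
                }
                traceLogger.trace(8192L, this, "login", "creds != null");
                if (UNAUTHENTICATED.equals(getUserName(credentials))) {
                    traceLogger.trace(8192L, this, "login", "WebSphere user is UNAUTHENTICATED");
                    Credentials forced = forceLogin(securityCurrent, str, str2);
                    if (forced == null) {
                        throw new UDDIUnknownUserException();
                    }
                    String userName = getUserName(forced);
                    if (userName != null) {
                        UseridPassword entry = new UseridPassword();
                        entry.userid = userName;
                        // NOTE(review): clear-text password held in memory until
                        // clearAuthInfo() removes the entry; nothing in this class expires it.
                        entry.password = str2;
                        token = UUIDFactory.createUUID().toString();
                        this.authInfoMap.put(token, entry);
                    }
                }
            } catch (InvalidCredentialType e) {
                traceLogger.exception(2048L, this, "login", e);
                throw new UDDIFatalErrorException();
            } catch (IllegalStateException e2) {
                // Was traced under the method name "authenticate", which mis-attributed the failure.
                traceLogger.exception(2048L, this, "login", e2);
                throw new UDDIFatalErrorException();
            }
        } else {
            UseridPassword entry = new UseridPassword();
            entry.userid = str;
            token = UUIDFactory.createUUID().toString();
            this.authInfoMap.put(token, entry);
        }
        // NOTE(review): the freshly issued token is written to the trace log on exit.
        traceLogger.exit(4096L, this, "login", token);
        return token;
    }

    /**
     * Re-establishes the caller's identity from stored credentials.
     *
     * @param str the stored userid
     * @param str2 the stored password
     * @return the user name from the invocation credentials, after a forced login if they were
     *         {@code UNAUTHENTICATED}; {@code str} itself when security is off
     * @throws UDDIUnknownUserException when the userid is null/blank or the login is rejected
     * @throws UDDIFatalErrorException when the security context cannot be read
     * @throws UDDIException as declared
     */
    private String relogin(String str, String str2) throws UDDIException {
        String userName;
        traceLogger.entry(4096L, this, "relogin", str);
        if (isAbsent(str)) {
            throw new UDDIUnknownUserException();
        }
        if (this.securityOn) {
            try {
                Current securityCurrent = getSecurityCurrent();
                if (securityCurrent == null) {
                    traceLogger.trace(2048L, this, "relogin", "Got null security current");
                    throw new UDDIFatalErrorException();
                }
                Credentials credentials = securityCurrent.get_credentials(CredentialType.SecInvocationCredentials);
                if (credentials == null) {
                    traceLogger.trace(2048L, this, "relogin", "creds == null");
                    throw new UDDIFatalErrorException();
                }
                traceLogger.trace(8192L, this, "relogin", "creds != null");
                userName = getUserName(credentials);
                if (UNAUTHENTICATED.equals(userName)) {
                    traceLogger.trace(8192L, this, "relogin", "WebSphere user is UNAUTHENTICATED");
                    Credentials forced = forceLogin(securityCurrent, str, str2);
                    if (forced == null) {
                        throw new UDDIUnknownUserException();
                    }
                    userName = getUserName(forced);
                }
            } catch (InvalidCredentialType e) {
                traceLogger.exception(2048L, this, "relogin", e);
                throw new UDDIFatalErrorException();
            } catch (IllegalStateException e2) {
                // Was traced under the method name "authenticate", which mis-attributed the failure.
                traceLogger.exception(2048L, this, "relogin", e2);
                throw new UDDIFatalErrorException();
            }
        } else {
            userName = str;
        }
        traceLogger.exit(4096L, this, "relogin", userName);
        return userName;
    }

    /**
     * Logs in with userid/password through the security current's login helper and installs
     * the mapped credentials as the invocation credentials.
     *
     * <p>Every failure is traced and swallowed; callers detect it through the null return.
     *
     * @param current the security current to log in against
     * @param str the userid
     * @param str2 the password
     * @return the mapped credentials, or null when login or mapping failed
     */
    private Credentials forceLogin(Current current, String str, String str2) {
        // The password (str2) is intentionally not among the traced arguments.
        traceLogger.entry(4096L, this, "forceLogin", current, str);
        Credentials credentials = null;
        try {
            com.ibm.IExtendedSecurity.Credentials request_login = current.login_helper().request_login(str, AccessPointElt.TMODELKEY_OTHER, str2, new CredentialsHolder(), new OpaqueHolder());
            // With this declared type the instanceof test only filters out a null result.
            if (request_login instanceof com.ibm.IExtendedSecurity.Credentials) {
                try {
                    credentials = request_login.get_mapped_credentials((String) null, AccessPointElt.TMODELKEY_OTHER, (Any) null);
                    // NOTE(review): if set_credentials throws, the mapped credentials are still
                    // returned although they were not installed on the current.
                    current.set_credentials(CredentialType.SecInvocationCredentials, credentials);
                } catch (InvalidCredential e) {
                    traceLogger.exception(2048L, this, "forceLogin", e);
                } catch (UnknownMapping e2) {
                    traceLogger.exception(2048L, this, "forceLogin", e2);
                } catch (InvalidAdditionalCriteria e3) {
                    traceLogger.exception(2048L, this, "forceLogin", e3);
                } catch (InvalidCredentialType e4) {
                    traceLogger.exception(2048L, this, "forceLogin", e4);
                } catch (RealmNotRegistered e5) {
                    traceLogger.exception(2048L, this, "forceLogin", e5);
                } catch (MechanismTypeNotRegistered e6) {
                    traceLogger.exception(2048L, this, "forceLogin", e6);
                }
            }
        } catch (LoginFailed e7) {
            traceLogger.exception(2048L, this, "forceLogin", e7);
        }
        traceLogger.exit(4096L, this, "forceLogin", credentials);
        return credentials;
    }

    /**
     * Extracts the user name from a set of credentials.
     *
     * <p>Requests one attribute (family definer 0, family 1, type 1), decodes its value as
     * UTF-8 and keeps the text after the last {@code '/'} (the whole text when there is none).
     * The prefix is presumably a realm or similar qualifier; confirm against the container docs.
     *
     * <p>NOTE(review): an empty attribute array or null credentials are not handled here and
     * would surface as an unchecked exception.
     *
     * @param credentials the credentials to read
     * @return the user name, or null when the attribute could not be read or decoded
     */
    private String getUserName(Credentials credentials) {
        traceLogger.entry(4096L, this, "getUserName", credentials);
        String name = null;
        try {
            AttributeType[] wanted = new AttributeType[]{new AttributeType(new ExtensibleFamily((short) 0, (short) 1), 1)};
            String qualified = new String(credentials.get_attributes(wanted)[0].value, "UTF8");
            name = qualified.substring(qualified.lastIndexOf('/') + 1);
        } catch (UnsupportedEncodingException e) {
            traceLogger.exception(2048L, this, "getUserName", e);
        } catch (InvalidAttributeType e2) {
            traceLogger.exception(2048L, this, "getUserName", e2);
        } catch (DuplicateAttributeType e3) {
            traceLogger.exception(2048L, this, "getUserName", e3);
        }
        traceLogger.exit(4096L, this, "getUserName", name);
        return name;
    }

    /**
     * Resolves the {@code SecurityCurrent} initial reference from the ORB.
     *
     * @return the security current as returned by the ORB (may be null)
     * @throws IllegalStateException when the ORB is unavailable or the lookup fails; the
     *         original exception is attached as the cause
     */
    private Current getSecurityCurrent() throws IllegalStateException {
        traceLogger.entry(4096L, this, "getSecurityCurrent");
        try {
            ORB oRBInstance = EJSORB.getORBInstance();
            if (oRBInstance == null) {
                traceLogger.trace(2048L, this, "getSecurityCurrent", "Got a null ORB");
                throw new IllegalStateException("Failed to get ORB");
            }
            Current resolve_initial_references = oRBInstance.resolve_initial_references("SecurityCurrent");
            traceLogger.exit(4096L, this, "getSecurityCurrent", resolve_initial_references);
            return resolve_initial_references;
        } catch (Exception e) {
            // This also catches the "Failed to get ORB" exception thrown above. Keeping the
            // cause preserves that message and the real lookup error for whoever reads the trace.
            throw new IllegalStateException("Error getting SecurityCurrent from the ORB", e);
        }
    }

    /**
     * Reads the user name attached to the current invocation credentials.
     *
     * @return the user name, or null when {@link #getUserName} could not extract one
     * @throws UDDIFatalErrorException when the security current or its credentials are
     *         unavailable
     * @throws UDDIException as declared
     */
    private String getWebSphereUser() throws UDDIException {
        traceLogger.entry(4096L, this, "getWebSphereUser");
        try {
            Current securityCurrent = getSecurityCurrent();
            if (securityCurrent == null) {
                traceLogger.trace(2048L, this, "getWebSphereUser", "Got null security current");
                throw new UDDIFatalErrorException();
            }
            Credentials credentials = securityCurrent.get_credentials(CredentialType.SecInvocationCredentials);
            if (credentials == null) {
                traceLogger.trace(2048L, this, "getWebSphereUser", "Failed to get credentials");
                throw new UDDIFatalErrorException();
            }
            String userName = getUserName(credentials);
            traceLogger.exit(4096L, this, "getWebSphereUser", userName);
            return userName;
        } catch (InvalidCredentialType e) {
            traceLogger.exception(2048L, this, "getWebSphereUser", e);
            throw new UDDIFatalErrorException();
        } catch (IllegalStateException e2) {
            traceLogger.exception(8192L, this, "getWebSphereUser", e2);
            throw new UDDIFatalErrorException();
        }
    }
}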
