package com.ibm.ws.sib.security.auth.login;

import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.security.common.util.AuditConstants;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.sib.security.BusSecurityConstants;
import com.ibm.ws.sib.security.auth.LoginType;
import com.ibm.ws.sib.security.auth.SIBPrincipal;
import com.ibm.ws.sib.security.auth.SIBSubject;
import com.ibm.ws.sib.security.auth.SIBSubjectImpl;
import com.ibm.ws.sib.utils.ras.SibTr;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

/* loaded from: input_file:lib/com.ibm.ws.sib.server.jar:com/ibm/ws/sib/security/auth/login/CertificateLoginAction.class */
public class CertificateLoginAction extends AbstractLoginAction {
    private static final TraceComponent _tc = SibTr.register(CertificateLoginAction.class, BusSecurityConstants.TRC_GROUP, BusSecurityConstants.MSG_BUNDLE);
    private X509Certificate[] _certs;
    private String _userName;

    public CertificateLoginAction(String str, Certificate[] certificateArr) {
        super(str);
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "CertificateLoginAction", new Object[]{str, certificateArr});
        }
        this._certs = new X509Certificate[certificateArr.length];
        int i = 0;
        while (true) {
            if (i < certificateArr.length) {
                if (!(certificateArr[i] instanceof X509Certificate)) {
                    this._certs = null;
                    break;
                } else {
                    this._certs[i] = (X509Certificate) certificateArr[i];
                    i++;
                }
            } else {
                break;
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "CertificateLoginAction", this);
        }
    }

    @Override // com.ibm.ws.sib.security.auth.login.AbstractLoginAction
    protected SIBSubject login() {
        SIBSubject sIBSubject;
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, AuditConstants.LOGIN);
        }
        if (this._certs != null) {
            try {
                if (this._certs.length > 0) {
                    ContextManager contextManager = getContextManager();
                    sIBSubject = SIBSubjectImpl.create(contextManager.login(contextManager.getDefaultRealm(), this._certs));
                    if (sIBSubject != null) {
                        this._userName = sIBSubject.getUserName();
                        sIBSubject = convertSubject(sIBSubject, new SIBPrincipal(getUniqueUserName(sIBSubject), true, true));
                    }
                } else {
                    sIBSubject = getAnonymousSubject();
                    this._userName = sIBSubject.getUserName();
                }
            } catch (GeneralSecurityException e) {
                if (TraceComponent.isAnyTracingEnabled() && _tc.isEventEnabled()) {
                    SibTr.event(_tc, "unable to do certificate based login", e);
                }
                sIBSubject = null;
            }
        } else {
            sIBSubject = null;
            if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                SibTr.debug(_tc, "The provided certificates are not X509 certificates");
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, AuditConstants.LOGIN, sIBSubject);
        }
        return sIBSubject;
    }

    @Override // com.ibm.ws.sib.security.auth.login.AbstractLoginAction
    public LoginType getLoginType() {
        return LoginType.CLIENTSSL;
    }

    @Override // com.ibm.ws.sib.security.auth.login.AbstractLoginAction
    public String getUserName() {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "getUserName");
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "getUserName", this._userName);
        }
        return this._userName;
    }
}
