package com.ibm.ws.transport.iiop.security.config.tss;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.rsadapter.FFDCLogger;
import com.ibm.ws.security.authentication.utility.SubjectHelper;
import com.ibm.ws.security.csiv2.Authenticator;
import com.ibm.ws.security.csiv2.Constants;
import com.ibm.ws.transport.iiop.security.SASException;
import com.ibm.ws.transport.iiop.security.SASInvalidEvidenceException;
import com.ibm.ws.transport.iiop.security.util.Util;
import java.security.cert.X509Certificate;
import javax.security.auth.Subject;
import org.omg.CSI.IdentityToken;
import org.omg.IOP.Codec;

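/**
 * Target-side (package {@code config.tss}) handler for SAS identity tokens that carry an
 * X.509 certificate chain.
 *
 * <p>The class itself performs no certificate validation. {@link #check} decodes the chain
 * supplied in the peer's identity token and hands it to the configured {@link Authenticator};
 * every trust decision is delegated to that collaborator.
 *
 * <p>NOTE(review): an identity token is asserted by the sending peer rather than proven by it.
 * Presumably the caller has already established that the peer is allowed to assert identities
 * before {@link #check} runs; this is not visible in this class, so verify against the caller.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.csiv2.common_1.0.14.jar:com/ibm/ws/transport/iiop/security/config/tss/TSSITTX509CertChain.class */
public class TSSITTX509CertChain extends TSSSASIdentityToken {
    /** Mechanism OID reported by {@link #getOID()}; empty for this token type. */
    public static final String OID = "";

    /**
     * Integer passed as the second argument of {@link SASInvalidEvidenceException}
     * (0x49424300). Presumably a CORBA minor code; confirm against that exception class.
     */
    private static final int INVALID_EVIDENCE_CODE = 1229079296;

    private final String realmName;
    private final String domainName;
    // transient: excluded from Java serialization, so it is null on any deserialized instance
    // (assuming the superclass is Serializable, which serialVersionUID suggests; confirm).
    private transient Authenticator authenticator;
    static final long serialVersionUID = -6216988350360525259L;
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(TSSITTX509CertChain.class);

    /**
     * Creates a descriptive instance that records only realm and domain.
     *
     * <p>No {@link Authenticator} is set by this constructor, so {@link #check} rejects every
     * token presented to an instance built this way.
     *
     * @param str  realm name, reported by {@link #toString(String, StringBuilder)}
     * @param str2 domain name, reported by {@link #toString(String, StringBuilder)}
     */
    public TSSITTX509CertChain(String str, String str2) {
        this.realmName = str;
        this.domainName = str2;
    }

    /**
     * Creates an instance able to verify identity tokens; realm and domain are left {@code null}.
     *
     * @param authenticator collaborator that turns a certificate chain into a {@link Subject}
     */
    public TSSITTX509CertChain(Authenticator authenticator) {
        this.authenticator = authenticator;
        this.realmName = null;
        this.domainName = null;
    }

    /**
     * Returns the identity token type handled by this class.
     *
     * @return 4, the value of the CSI {@code ITTX509CertChain} discriminator
     */
    @Override // com.ibm.ws.transport.iiop.security.config.tss.TSSSASIdentityToken
    public short getType() {
        return (short) 4;
    }

    /**
     * Returns the OID associated with this token type.
     *
     * @return {@link #OID}, the empty string
     */
    @Override // com.ibm.ws.transport.iiop.security.config.tss.TSSSASIdentityToken
    public String getOID() {
        return OID;
    }

    /**
     * Decodes the certificate chain carried in {@code identityToken}, authenticates it and
     * returns the resulting subject.
     *
     * <p>On success the subject's {@link WSCredential} is tagged with
     * {@code Constants.IDENTITY_NAME = Constants.ClientCertificate} and the decoded chain is
     * stored under {@code Constants.IDENTITY_VALUE}.
     *
     * <p>The chain is peer-supplied input. Nothing here checks validity, expiry, revocation or
     * trust anchors. NOTE(review): confirm that {@link Authenticator#authenticate} covers those
     * checks, since this method returns its result unmodified.
     *
     * @param identityToken token whose {@code certificate_chain()} member is decoded
     * @param codec         codec handed to {@code Util.decodeCertChain}
     * @return the subject produced by the authenticator
     * @throws SASException if decoding fails (propagated from {@code Util.decodeCertChain}),
     *                      if no authenticator is available, or if authentication or
     *                      credential tagging fails for any reason
     */
    @Override // com.ibm.ws.transport.iiop.security.config.tss.TSSSASIdentityToken
    @FFDCIgnore({Exception.class})
    public Subject check(IdentityToken identityToken, Codec codec) throws SASException {
        X509Certificate[] certChain = Util.decodeCertChain(codec, identityToken.certificate_chain());

        // Instances built from (realm, domain) or restored by deserialization have no
        // authenticator. Reject explicitly instead of relying on a NullPointerException being
        // caught below and rethrown with whatever message the JVM happens to provide.
        Authenticator verifier = this.authenticator;
        if (verifier == null) {
            throw new SASInvalidEvidenceException(
                    "No authenticator is available to verify the X.509 certificate chain identity token",
                    INVALID_EVIDENCE_CODE);
        }

        try {
            Subject subject = verifier.authenticate(certChain);
            WSCredential credential = new SubjectHelper().getWSCredential(subject);
            credential.set(Constants.IDENTITY_NAME, Constants.ClientCertificate);
            credential.set(Constants.IDENTITY_VALUE, certChain);
            return subject;
        } catch (Exception e) {
            // Fail closed: any failure, including unexpected runtime errors, is reported as
            // invalid evidence. NOTE(review): only the message is propagated, so the original
            // exception type and stack trace are lost, and @FFDCIgnore above presumably keeps
            // FFDC from recording it. If SASInvalidEvidenceException has a cause-taking
            // constructor (not visible here), prefer it so rejected assertions stay diagnosable.
            throw new SASInvalidEvidenceException(e.getMessage(), INVALID_EVIDENCE_CODE);
        }
    }

    /**
     * Appends a multi-line description of this token configuration to {@code sb}.
     *
     * <p>Only domain and realm are written; the authenticator is not included.
     *
     * @param str indentation prefix for the opening and closing lines
     * @param sb  builder that receives the output
     */
    @Override // com.ibm.ws.transport.iiop.security.config.tss.TSSSASIdentityToken
    @Trivial
    public void toString(String str, StringBuilder sb) {
        // NOTE(review): TAB comes from com.ibm.ws.rsadapter.FFDCLogger, which looks like a
        // decompiler artifact of an inlined string constant; confirm against the original source.
        String inner = str + FFDCLogger.TAB;
        sb.append(str).append("TSSITTX509CertChain: [\n");
        sb.append(inner).append("domain: ").append(this.domainName).append("\n");
        sb.append(inner).append("realm: ").append(this.realmName).append("\n");
        sb.append(str).append("]\n");
    }
}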
