package com.ibm.ws.transport.iiop.security.config.css;

import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.rsadapter.FFDCLogger;
import com.ibm.ws.security.authentication.utility.SubjectHelper;
import com.ibm.ws.security.context.SubjectManager;
import com.ibm.ws.transport.iiop.security.config.tss.TSSASMechConfig;
import com.ibm.ws.transport.iiop.security.config.tss.TSSGSSUPMechConfig;
import com.ibm.ws.transport.iiop.security.util.Util;
import com.ibm.wsspi.kernel.service.utils.SerializableProtectedString;
import javax.security.auth.Subject;
import org.omg.IOP.Codec;
import org.omg.PortableInterceptor.ClientRequestInfo;

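/**
 * Client-side (CSS) authentication-layer configuration for the CSIv2 GSSUP
 * (username/password) mechanism, where the credentials are resolved at request time.
 *
 * <p>{@link #encode} builds the GSSUP initial context token from one of three sources,
 * in this order: the trusted identity and password of the SAS layer (when that layer is
 * asserting), the basic-auth credential of the current subject, or the user name and
 * password supplied to the constructor. When none of them is usable, an empty token is
 * returned and the request carries no client authentication data.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>Passwords are decoded with {@code PasswordUtil.passwordDecode}, which yields an
 * immutable {@code String}; that copy cannot be zeroed and stays on the heap until it is
 * garbage collected.</li>
 * <li>Methods and parameters that carry secrets are marked {@code @Sensitive} so trace
 * instrumentation does not print them. Keep that annotation on any new method that
 * touches the password.</li>
 * <li>{@link #toString(String, StringBuilder)} prints the domain and user name only,
 * never the password.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.csiv2.common_1.0.14.jar:com/ibm/ws/transport/iiop/security/config/css/CSSGSSUPMechConfigDynamic.class */
public class CSSGSSUPMechConfigDynamic implements CSSASMechConfig {
    private static TraceComponent tc = Tr.register(CSSGSSUPMechConfigDynamic.class);

    /** CSIIOP association option bit {@code EstablishTrustInClient}. */
    private static final short ESTABLISH_TRUST_IN_CLIENT = (short) 64;

    // Initialised once here. The decompiled listing also re-assigned this final field in
    // every constructor, which javac rejects, so those assignments were dropped.
    private final String mechanism = "GSSUP";
    private final String domain;
    private final boolean required;
    private final String username;
    private final SerializableProtectedString password;
    static final long serialVersionUID = 4670726401395161250L;

    /**
     * Creates a configuration with fallback credentials.
     *
     * @param username user name used when the current subject has no basic-auth credential
     * @param password encoded password that belongs to {@code username}
     * @param domain   domain reported by {@link #toString(String, StringBuilder)}
     * @param required whether client authentication is required by this side
     */
    public CSSGSSUPMechConfigDynamic(String username, SerializableProtectedString password, String domain, boolean required) {
        this.username = username;
        this.password = password;
        this.domain = domain;
        this.required = required;
    }

    /**
     * Creates a configuration without fallback credentials.
     *
     * @param domain   domain reported by {@link #toString(String, StringBuilder)}
     * @param required whether client authentication is required by this side
     */
    public CSSGSSUPMechConfigDynamic(String domain, boolean required) {
        this(null, null, domain, required);
    }

    /**
     * Creates a configuration without fallback credentials in which client
     * authentication is supported but not required.
     *
     * @param domain domain reported by {@link #toString(String, StringBuilder)}
     */
    public CSSGSSUPMechConfigDynamic(String domain) {
        this(null, null, domain, false);
    }

    /** @return the association options this mechanism supports (always the client-auth bit) */
    @Override
    public short getSupports() {
        return ESTABLISH_TRUST_IN_CLIENT;
    }

    /** @return the client-auth bit when authentication is required, otherwise {@code 0} */
    @Override
    public short getRequires() {
        return this.required ? ESTABLISH_TRUST_IN_CLIENT : (short) 0;
    }

    /**
     * Tells whether this client configuration is compatible with a target configuration.
     *
     * @param tSSASMechConfig the target-side authentication mechanism configuration
     * @return {@code true} for a GSSUP target; for any other target only when neither
     *         the target nor this side requires authentication
     */
    @Override
    public boolean canHandle(TSSASMechConfig tSSASMechConfig) {
        if (tSSASMechConfig instanceof TSSGSSUPMechConfig) {
            return true;
        }
        return tSSASMechConfig.getRequires() == 0 && !this.required;
    }

    /** @return the mechanism name, {@code "GSSUP"} */
    @Override
    public String getMechanism() {
        return this.mechanism;
    }

    /**
     * Encodes the GSSUP token for a request to the given target.
     *
     * @param tSSASMechConfig   target-side mechanism; a token is built only for a GSSUP target
     * @param cSSSASMechConfig  client SAS-layer configuration; when it is asserting, its
     *                          trusted identity and password are used
     * @param clientRequestInfo request information (not used by this implementation)
     * @param codec             codec handed to the token encoder
     * @return the encoded token, or an empty array when no token could be built; never {@code null}
     */
    @Override
    @Sensitive
    public byte[] encode(TSSASMechConfig tSSASMechConfig, CSSSASMechConfig cSSSASMechConfig, ClientRequestInfo clientRequestInfo, Codec codec) {
        byte[] token = null;
        if (tSSASMechConfig instanceof TSSGSSUPMechConfig) {
            String targetName = ((TSSGSSUPMechConfig) tSSASMechConfig).getTargetName();
            token = cSSSASMechConfig.isAsserting()
                            ? encodeGSSUPFromTrustedIdAndPassword(cSSSASMechConfig, codec, targetName)
                            : encodeGSSUPFromBasicAuthSubject(codec, targetName);
        }
        return token != null ? token : new byte[0];
    }

    /**
     * Builds the token from the trusted identity and password of the SAS layer.
     *
     * @return the encoded token, or an empty array when the identity or password is
     *         missing or the password cannot be decoded
     */
    @Sensitive
    private byte[] encodeGSSUPFromTrustedIdAndPassword(CSSSASMechConfig cSSSASMechConfig, Codec codec, String targetName) {
        String trustedIdentity = cSSSASMechConfig.getTrustedIdentity();
        SerializableProtectedString trustedPassword = cSSSASMechConfig.getTrustedPassword();
        if (trustedIdentity == null || trustedPassword == null || trustedPassword.isEmpty()) {
            return new byte[0];
        }
        char[] decoded = decodePassword(trustedPassword);
        if (decoded == null) {
            traceUndecodablePassword();
            return new byte[0];
        }
        return Util.encodeGSSUPToken(codec, Util.buildScopedUserName(trustedIdentity, targetName), decoded, targetName);
    }

    /**
     * Builds the token from the basic-auth credential of the current subject, falling
     * back to the user name and password given to the constructor.
     *
     * @return the encoded token, or an empty array when no usable credential exists
     */
    @Sensitive
    private byte[] encodeGSSUPFromBasicAuthSubject(Codec codec, String str) {
        byte[] token = new byte[0];
        Subject subject = getSubject();
        SubjectHelper subjectHelper = new SubjectHelper();
        WSCredential wSCredential = null;
        if (subject != null) {
            wSCredential = subjectHelper.getWSCredential(subject);
        }
        if (wSCredential != null && wSCredential.isBasicAuth()) {
            try {
                // The credential token of a basic-auth credential is passed on as the password.
                token = commonEncode(codec, wSCredential.getSecurityName(), new String(wSCredential.getCredentialToken(), "UTF-8"), str);
            } catch (Exception e) {
                // Best effort: record the failure and send an empty token. Only the
                // exception message is traced, never the credential itself.
                FFDCFilter.processException(e, "com.ibm.ws.transport.iiop.security.config.css.CSSGSSUPMechConfigDynamic", "147", this, new Object[]{codec, str});
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "The GSSUP token could not be encoded because of exception with message: " + e.getMessage(), new Object[0]);
                }
            }
        } else if (this.password != null && !this.password.isEmpty() && this.username != null && !this.username.isEmpty()) {
            char[] decoded = decodePassword(this.password);
            if (decoded == null) {
                traceUndecodablePassword();
            } else {
                token = Util.encodeGSSUPToken(codec, Util.buildScopedUserName(this.username, str), decoded, str);
            }
        }
        return token;
    }

    /**
     * Decodes a protected password into a character array.
     *
     * @return the decoded characters, or {@code null} when the decoder yields no result
     */
    @Sensitive
    private static char[] decodePassword(SerializableProtectedString protectedPassword) {
        // NOTE(review): passwordDecode is understood to return null for a value it cannot
        // decode; the guard keeps that case from ending in a NullPointerException.
        // NOTE(review): the returned array is not wiped after use; confirm that
        // Util.encodeGSSUPToken does not retain it before adding a wipe.
        String decoded = PasswordUtil.passwordDecode(new String(protectedPassword.getChars()));
        return decoded == null ? null : decoded.toCharArray();
    }

    /** Records at debug level, without any secret, that a password could not be decoded. */
    private static void traceUndecodablePassword() {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "The GSSUP token could not be encoded because the password could not be decoded.", new Object[0]);
        }
    }

    /** @return the invocation subject, or the caller subject when there is no invocation subject */
    private Subject getSubject() {
        SubjectManager subjectManager = new SubjectManager();
        Subject invocationSubject = subjectManager.getInvocationSubject();
        if (invocationSubject == null) {
            invocationSubject = subjectManager.getCallerSubject();
        }
        return invocationSubject;
    }

    /**
     * Encodes a token for a user name and a clear-text password.
     *
     * @param codec      codec handed to the token encoder
     * @param userName   user name, scoped with {@code targetName} before encoding
     * @param secret     clear-text password
     * @param targetName target name of the GSSUP target
     */
    @Sensitive
    private byte[] commonEncode(Codec codec, String userName, @Sensitive String secret, String targetName) {
        return Util.encodeGSSUPToken(codec, Util.buildScopedUserName(userName, targetName), secret.toCharArray(), targetName);
    }

    /** @return the description written by {@link #toString(String, StringBuilder)} without indentation */
    @Override
    @Trivial
    public String toString() {
        StringBuilder sb = new StringBuilder();
        toString("", sb);
        return sb.toString();
    }

    /**
     * Appends a description of this configuration: the domain and, when set, the user
     * name. The password is deliberately left out.
     *
     * @param str indentation prefix for the outer lines
     * @param sb  builder that receives the description
     */
    @Override
    @Trivial
    public void toString(String str, StringBuilder sb) {
        String inner = str + FFDCLogger.TAB;
        sb.append(str).append("CSSGSSUPMechConfigDynamic: [\n");
        sb.append(inner).append("domain:   ").append(this.domain).append("\n");
        if (this.username != null) {
            sb.append(inner).append("user:   ").append(this.username).append("\n");
        }
        sb.append(str).append("]\n");
    }
}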
