package com.ibm.ws.security.jaas.common.modules;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.wsspi.security.auth.callback.Constants;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

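/**
 * Base JAAS {@link LoginModule} that stores the state handed to
 * {@link #initialize} and provides shared Subject set-up and clean-up.
 *
 * <p>{@code login()} is not implemented here; concrete modules supply it.
 * {@link #commit()} always reports success, while {@link #abort()} and
 * {@link #logout()} both strip what was added to the Subject.
 *
 * <p>No synchronization is visible in this class.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.jaas.common_1.0.14.jar:com/ibm/ws/security/jaas/common/modules/CommonLoginModule.class */
public abstract class CommonLoginModule implements LoginModule {
    // NOTE(review): these fields are public in this decompiled listing, so any code
    // holding a module reference can read or replace the Subject and the shared state.
    // The decompiler reports widened modifiers on several methods below; confirm the
    // intended field visibility against the original source before relying on it.
    public CallbackHandler callbackHandler;
    // Subject being authenticated; set to null once cleanup() has emptied it.
    public Subject subject;
    // State shared between the login modules of one login context; may be null.
    public Map<String, Object> sharedState;
    public Map<String, ?> options;
    // Entries recorded for later removal from `subject`. Nothing in this class assigns
    // a non-null value; presumably subclasses do, so verify against them.
    public Subject temporarySubject;
    static final long serialVersionUID = -8873301121271047884L;
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(CommonLoginModule.class);

    /**
     * Stores the JAAS-supplied state for later use by this module.
     *
     * @param subject the Subject to populate
     * @param callbackHandler handler used to obtain authentication input
     * @param map state shared with the other configured login modules
     * @param map2 options configured for this login module
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.callbackHandler = callbackHandler;
        this.subject = subject;
        // LoginModule declares the shared state as Map<String, ?>, but this module
        // writes into it (see setAlreadyProcessed), so an unchecked cast is required.
        @SuppressWarnings("unchecked")
        Map<String, Object> writableSharedState = (Map<String, Object>) map;
        this.sharedState = writableSharedState;
        this.options = map2;
    }

    /**
     * Reports a successful commit without changing any state.
     *
     * @return always {@code true}
     */
    @Override
    public boolean commit() throws LoginException {
        return true;
    }

    /**
     * Undoes the login attempt by stripping the Subject.
     *
     * @return always {@code true}
     */
    @Override
    public boolean abort() throws LoginException {
        cleanup();
        return true;
    }

    /**
     * Logs out by stripping the Subject.
     *
     * @return always {@code true}
     */
    @Override
    public boolean logout() throws LoginException {
        cleanup();
        return true;
    }

    /**
     * Removes the temporary-subject entries, then empties every principal and
     * credential set of the Subject and drops the reference to it.
     *
     * <p>A null or read-only Subject is left untouched.
     */
    private void cleanup() {
        cleanUpSubject();
        final Subject target = this.subject;
        if (target == null || target.isReadOnly()) {
            // NOTE(review): a read-only Subject keeps its credentials after logout;
            // confirm that callers do not treat it as cleared.
            return;
        }
        AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.security.jaas.common.modules.CommonLoginModule.1
            static final long serialVersionUID = -8939944198056458774L;
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);

            @Override // java.security.PrivilegedAction
            public Object run() {
                // clear() empties each set directly instead of removing a set from itself.
                target.getPrincipals().clear();
                target.getPublicCredentials().clear();
                target.getPrivateCredentials().clear();
                return null;
            }
        });
        this.subject = null;
    }

    /**
     * Removes from the Subject everything held by {@code temporarySubject}, plus the
     * shared-state values handled by the {@code removeSubject*} methods, then forgets
     * the temporary subject.
     *
     * <p>Removal is skipped when there is no temporary subject, or when the Subject is
     * null or read-only (the same guard {@code cleanup()} applies), so a repeated
     * logout or a logout on a read-only Subject does not fail part-way through.
     */
    public void cleanUpSubject() {
        final Subject target = this.subject;
        if (this.temporarySubject != null && target != null && !target.isReadOnly()) {
            AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.security.jaas.common.modules.CommonLoginModule.2
                static final long serialVersionUID = 1521170073680014210L;
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass2.class);

                @Override // java.security.PrivilegedAction
                public Object run() {
                    CommonLoginModule.this.removeSubjectPrincipals();
                    CommonLoginModule.this.removeSubjectPublicCredentials();
                    CommonLoginModule.this.removeSubjectPrivateCredentials();
                    return null;
                }
            });
        }
        this.temporarySubject = null;
    }

    /**
     * Removes the temporary subject's principals and the value stored in shared state
     * under {@code Constants.WSPRINCIPAL_KEY} from the Subject's principals.
     *
     * <p>Requires non-null {@code subject} and {@code temporarySubject};
     * {@link #cleanUpSubject()} checks both before calling.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void removeSubjectPrincipals() {
        removeLoginEntries(this.subject.getPrincipals(), this.temporarySubject.getPrincipals(), Constants.WSPRINCIPAL_KEY);
    }

    /**
     * Removes the temporary subject's public credentials and the value stored in shared
     * state under {@code Constants.WSCREDENTIAL_KEY} from the Subject's public credentials.
     *
     * <p>Requires non-null {@code subject} and {@code temporarySubject};
     * {@link #cleanUpSubject()} checks both before calling.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void removeSubjectPublicCredentials() {
        removeLoginEntries(this.subject.getPublicCredentials(), this.temporarySubject.getPublicCredentials(), Constants.WSCREDENTIAL_KEY);
    }

    /**
     * Removes the temporary subject's private credentials and the value stored in shared
     * state under {@code Constants.WSSSOTOKEN_KEY} from the Subject's private credentials.
     *
     * <p>Requires non-null {@code subject} and {@code temporarySubject};
     * {@link #cleanUpSubject()} checks both before calling.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void removeSubjectPrivateCredentials() {
        removeLoginEntries(this.subject.getPrivateCredentials(), this.temporarySubject.getPrivateCredentials(), Constants.WSSSOTOKEN_KEY);
    }

    /** Removes the recorded entries and the shared-state value for one Subject set. */
    private void removeLoginEntries(Set<?> target, Set<?> recorded, Object sharedStateKey) {
        target.removeAll(recorded);
        // sharedState may be null (setAlreadyProcessed guards for it), and the key may
        // be absent. Skip the removal then: there is nothing to remove, and a Set that
        // does not permit null elements may reject a null argument.
        Object shared = (this.sharedState == null) ? null : this.sharedState.get(sharedStateKey);
        if (shared != null) {
            target.remove(shared);
        }
    }

    /**
     * Copies every principal and credential of the given Subject into this module's
     * Subject, inside a privileged block.
     *
     * @param subject source of the principals and credentials to add
     * @throws LoginException if the privileged action fails with a checked exception;
     *         the original failure is attached as the cause
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void setUpSubject(final Subject subject) throws LoginException {
        try {
            AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.ws.security.jaas.common.modules.CommonLoginModule.3
                static final long serialVersionUID = 4262646482875537837L;
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass3.class);

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    CommonLoginModule.this.subject.getPrincipals().addAll(subject.getPrincipals());
                    CommonLoginModule.this.subject.getPublicCredentials().addAll(subject.getPublicCredentials());
                    CommonLoginModule.this.subject.getPrivateCredentials().addAll(subject.getPrivateCredentials());
                    return null;
                }
            });
        } catch (PrivilegedActionException e) {
            // NOTE(review): the Subject is passed to FFDC as incident context; confirm
            // that the FFDC output does not include its private credentials.
            FFDCFilter.processException(e, "com.ibm.ws.security.jaas.common.modules.CommonLoginModule", "128", this, new Object[]{subject});
            // LoginException has no cause-taking constructor, so attach the cause
            // explicitly to keep the root failure visible to callers.
            LoginException failure = new LoginException(e.getLocalizedMessage());
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Writes {@code "true"} under {@code Constants.ALREADY_PROCESSED} in the shared
     * state; does nothing when there is no shared state.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void setAlreadyProcessed() {
        if (this.sharedState != null) {
            this.sharedState.put(Constants.ALREADY_PROCESSED, "true");
        }
    }
}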
