package com.ibm.ws.security.authentication.internal.jaas.modules;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authentication.AuthenticationConstants;
import com.ibm.ws.security.authentication.AuthenticationService;
import com.ibm.ws.security.authentication.collective.CollectiveAuthenticationPlugin;
import com.ibm.ws.security.authentication.internal.SSOTokenHelper;
import com.ibm.ws.security.authentication.internal.jaas.JAASServiceImpl;
import com.ibm.ws.security.authentication.principals.WSPrincipal;
import com.ibm.ws.security.authentication.utility.SubjectHelper;
import com.ibm.ws.security.credentials.CredentialsService;
import com.ibm.ws.security.credentials.ExpirableCredential;
import com.ibm.ws.security.jaas.common.modules.CommonLoginModule;
import com.ibm.ws.security.registry.EntryNotFoundException;
import com.ibm.ws.security.registry.RegistryException;
import com.ibm.ws.security.registry.UserRegistry;
import com.ibm.ws.security.token.TokenManager;
import com.ibm.wsspi.security.auth.callback.Constants;
import com.ibm.wsspi.security.token.SingleSignonToken;
import java.io.IOException;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

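/**
 * Base class for server-side JAAS login modules.
 *
 * <p>It exposes the services published by {@link JAASServiceImpl} and moves principals and
 * credentials between three places: the temporary subject built during authentication, the
 * shared state map handed to the module stack, and the subject returned to the caller.
 * The {@code temporarySubject}, {@code sharedState} and {@code subject} fields used below are
 * not declared in this class; presumably they are inherited from {@link CommonLoginModule}.
 *
 * <p>NOTE(review): this listing is decompiler output. Several methods carry a "JADX INFO"
 * note saying their access modifier was widened from {@code protected} or {@code private}.
 * The widened visibility is kept so the listing stays self-consistent, but the compiled class
 * is narrower than what is shown here.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.authentication.builtin_1.0.14.jar:com/ibm/ws/security/authentication/internal/jaas/modules/ServerCommonLoginModule.class */
public abstract class ServerCommonLoginModule extends CommonLoginModule implements LoginModule {
    private static final TraceComponent tc = Tr.register(ServerCommonLoginModule.class);
    protected SubjectHelper subjectHelper = new SubjectHelper();
    static final long serialVersionUID = -2220015015022536355L;

    /**
     * Returns the collective authentication plugin held by {@link JAASServiceImpl}.
     *
     * @throws RegistryException propagated from the service lookup
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public CollectiveAuthenticationPlugin getCollectiveAuthenticationPlugin() throws RegistryException {
        return JAASServiceImpl.getCollectiveAuthenticationPlugin();
    }

    /**
     * Returns the user registry held by {@link JAASServiceImpl}. Callers in this class treat a
     * {@code null} result as "no registry configured".
     *
     * @throws RegistryException propagated from the service lookup
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public UserRegistry getUserRegistry() throws RegistryException {
        return JAASServiceImpl.getUserRegistry();
    }

    /** Returns the token manager held by {@link JAASServiceImpl}. */
    /* JADX INFO: Access modifiers changed from: protected */
    public TokenManager getTokenManager() {
        return JAASServiceImpl.getTokenManager();
    }

    /** Returns the credentials service held by {@link JAASServiceImpl}. */
    CredentialsService getCredentialsService() {
        return JAASServiceImpl.getCredentialsService();
    }

    /** Returns the authentication service held by {@link JAASServiceImpl}. */
    /* JADX INFO: Access modifiers changed from: protected */
    public AuthenticationService getAuthenticationService() {
        return JAASServiceImpl.getAuthenticationService();
    }

    /**
     * Supplied by each concrete login module. Presumably returns the callbacks that the module
     * needs the handler to populate; the contract is not visible in this class.
     */
    public abstract Callback[] getRequiredCallbacks(CallbackHandler callbackHandler) throws IOException, UnsupportedCallbackException;

    /**
     * Chooses the security name to record for an authenticated user.
     *
     * <p>Resolution order:
     * <ol>
     * <li>If a registry is present and its type is not {@code "CUSTOM"}, the registry's security
     * name for {@code str2} wins when it is non-null.</li>
     * <li>Otherwise {@code str} is returned when it is non-null.</li>
     * <li>Otherwise the registry is asked for the security name of {@code str2}.</li>
     * </ol>
     *
     * @param str  name supplied with the login; used as the fallback (presumably the login name)
     * @param str2 identifier passed to the registry lookup (presumably the id the registry authenticated)
     * @return the selected security name; may be {@code null} if the final registry lookup returns null
     * @throws EntryNotFoundException propagated from the registry lookup
     * @throws RegistryException      propagated from the registry lookup
     * @throws NullPointerException   if {@code str} is null and no registry is available
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public String getSecurityName(String str, String str2) throws EntryNotFoundException, RegistryException {
        UserRegistry userRegistry = getUserRegistry();
        // Compare the type by value. A reference comparison (!=) only matches when the registry
        // returns the very same interned String instance, so a custom registry that builds its
        // type string at runtime would be misclassified and its lookup result would override
        // the supplied name.
        if (userRegistry != null && !"CUSTOM".equals(userRegistry.getType())) {
            String userSecurityName = userRegistry.getUserSecurityName(str2);
            if (userSecurityName != null) {
                return userSecurityName;
            }
        }
        if (str != null) {
            return str;
        }
        if (userRegistry != null) {
            return userRegistry.getUserSecurityName(str2);
        }
        throw new NullPointerException("No user registry");
    }

    /**
     * Adds a {@link WSPrincipal} to {@code subject} and asks the credentials service to set the
     * subject's credentials.
     *
     * <p>When {@code str2} is non-null and differs from {@code str}, it is stored under
     * {@link AuthenticationConstants#UR_AUTHENTICATED_USERID_KEY} in a {@link Hashtable} that is
     * added to the subject's private credentials before the credentials service runs.
     *
     * @param subject subject to populate
     * @param str     first {@code WSPrincipal} constructor argument (presumably the security name)
     * @param str2    registry-authenticated user id, or {@code null}
     * @param str3    second {@code WSPrincipal} constructor argument (presumably the access id)
     * @param str4    third {@code WSPrincipal} constructor argument (presumably the authentication method)
     * @throws Exception propagated from the credentials service
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void setPrincipalAndCredentials(Subject subject, String str, String str2, String str3, String str4) throws Exception {
        subject.getPrincipals().add(new WSPrincipal(str, str3, str4));
        if (str2 != null && !str2.equals(str)) {
            Hashtable hashtable = new Hashtable();
            hashtable.put(AuthenticationConstants.UR_AUTHENTICATED_USERID_KEY, str2);
            subject.getPrivateCredentials().add(hashtable);
        }
        getCredentialsService().setCredentials(subject);
    }

    /** Returns the single sign-on token that {@link SSOTokenHelper} finds in {@code subject}. */
    /* JADX INFO: Access modifiers changed from: protected */
    public SingleSignonToken getSSOToken(Subject subject) {
        return SSOTokenHelper.getSSOToken(subject);
    }

    /**
     * Publishes the temporary subject's WSPrincipal, WSCredential and SSO token, when present,
     * into the shared state map under their {@link Constants} keys.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void updateSharedState() {
        updateSharedStateWithWSPrincipal();
        updateSharedStateWithWSCredential();
        updateSharedStateWithSSOToken();
    }

    /** Stores the first WSPrincipal of the temporary subject, if any, in the shared state. */
    private void updateSharedStateWithWSPrincipal() {
        Iterator it = this.temporarySubject.getPrincipals(WSPrincipal.class).iterator();
        if (it.hasNext()) {
            this.sharedState.put(Constants.WSPRINCIPAL_KEY, (WSPrincipal) it.next());
        }
    }

    /** Stores the temporary subject's WSCredential, if any, in the shared state. */
    private void updateSharedStateWithWSCredential() {
        WSCredential wSCredential = new SubjectHelper().getWSCredential(this.temporarySubject);
        if (wSCredential != null) {
            this.sharedState.put(Constants.WSCREDENTIAL_KEY, wSCredential);
        }
    }

    /** Stores the temporary subject's SSO token, if any, in the shared state. */
    private void updateSharedStateWithSSOToken() {
        SingleSignonToken sSOToken = getSSOToken(this.temporarySubject);
        if (sSOToken != null) {
            this.sharedState.put(Constants.WSSSOTOKEN_KEY, sSOToken);
        }
    }

    /**
     * Populates the login subject from the shared state and the temporary subject, then aligns
     * the credential expiration with the SSO token.
     *
     * <p>The work runs inside {@code AccessController.doPrivileged}, so the subject is modified
     * with this class's own permissions rather than those of the calling code.
     *
     * @throws LoginException if the privileged action fails with a checked exception; the
     *                        original exception is attached as the cause
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void setUpSubject() throws LoginException {
        try {
            AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.ws.security.authentication.internal.jaas.modules.ServerCommonLoginModule.1
                // Fields surfaced by the decompiler; presumably injected by trace instrumentation.
                static final long serialVersionUID = 3767048587206963547L;
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    ServerCommonLoginModule.this.updateSubjectWithSharedStateContents();
                    ServerCommonLoginModule.this.updateSubjectWithTemporarySubjectContents();
                    ServerCommonLoginModule.this.optionallySetWSCredentialExpiration();
                    return null;
                }
            });
        } catch (PrivilegedActionException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.authentication.internal.jaas.modules.ServerCommonLoginModule", "215", this, new Object[0]);
            // LoginException has no cause-taking constructor; attach the cause explicitly so the
            // underlying failure is not reduced to its message text.
            LoginException loginException = new LoginException("Unable to setup the Subject: " + e.getLocalizedMessage());
            loginException.initCause(e);
            throw loginException;
        }
    }

    /**
     * Copies the WSPrincipal, WSCredential and, when present, the SSO token from the shared
     * state into the login subject.
     *
     * <p>The principal and credential are added without a null check. NOTE(review): the JDK
     * {@link Subject} sets are documented to reject null elements, so a missing shared-state
     * entry is expected to fail the commit here rather than yield a subject with no
     * WSPrincipal. Keep that fail-closed behaviour when changing this method.
     */
    protected void updateSubjectWithSharedStateContents() {
        this.subject.getPrincipals().add((WSPrincipal) this.sharedState.get(Constants.WSPRINCIPAL_KEY));
        this.subject.getPublicCredentials().add(this.sharedState.get(Constants.WSCREDENTIAL_KEY));
        if (this.sharedState.get(Constants.WSSSOTOKEN_KEY) != null) {
            this.subject.getPrivateCredentials().add(this.sharedState.get(Constants.WSSSOTOKEN_KEY));
        }
    }

    /**
     * Copies everything from the temporary subject into the login subject except the
     * WSPrincipal, WSCredential and SSO token, which come from the shared state instead.
     */
    protected void updateSubjectWithTemporarySubjectContents() {
        updateSubjectWithPrincipalsOtherThanWSPrincipal();
        updateSubjectWithPublicCredentialsOtherThanWSCredential();
        updateSubjectWithPrivateCredentialsOtherThanSSOToken();
    }

    /**
     * Adds the temporary subject's non-WSPrincipal principals to the login subject.
     *
     * <p>{@code removeAll} is called on the set returned by {@code getPrincipals()}.
     * NOTE(review): per the JDK contract that set is backed by the Subject, so this presumably
     * removes the WSPrincipals from the temporary subject as a side effect.
     */
    private void updateSubjectWithPrincipalsOtherThanWSPrincipal() {
        Set principals = this.temporarySubject.getPrincipals(WSPrincipal.class);
        Set<Principal> principals2 = this.temporarySubject.getPrincipals();
        principals2.removeAll(principals);
        this.subject.getPrincipals().addAll(principals2);
    }

    /**
     * Adds the temporary subject's public credentials, minus any WSCredential, to the login
     * subject. The same live-set caveat as for principals applies to {@code removeAll} here.
     */
    private void updateSubjectWithPublicCredentialsOtherThanWSCredential() {
        Set publicCredentials = this.temporarySubject.getPublicCredentials(WSCredential.class);
        Set<Object> publicCredentials2 = this.temporarySubject.getPublicCredentials();
        publicCredentials2.removeAll(publicCredentials);
        this.subject.getPublicCredentials().addAll(publicCredentials2);
    }

    /**
     * Adds the temporary subject's private credentials, minus the SSO token, to the login
     * subject.
     */
    private void updateSubjectWithPrivateCredentialsOtherThanSSOToken() {
        SingleSignonToken sSOToken = getSSOToken(this.temporarySubject);
        Set<Object> privateCredentials = this.temporarySubject.getPrivateCredentials();
        // With no token there is nothing to strip. Skipping the call also avoids passing null
        // to a Subject-backed set, which some JDK implementations reject with a
        // NullPointerException.
        if (sSOToken != null) {
            privateCredentials.remove(sSOToken);
        }
        this.subject.getPrivateCredentials().addAll(privateCredentials);
    }

    /**
     * Sets the WSCredential's expiration to the SSO token's expiration. Does nothing when the
     * login subject has no SSO token or its credential is not an {@link ExpirableCredential}.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void optionallySetWSCredentialExpiration() {
        WSCredential wSCredential = this.subjectHelper.getWSCredential(this.subject);
        SingleSignonToken sSOToken = getSSOToken(this.subject);
        if (sSOToken == null || !(wSCredential instanceof ExpirableCredential)) {
            return;
        }
        ((ExpirableCredential) wSCredential).setExpiration(sSOToken.getExpiration());
    }

    /**
     * Builds a fresh temporary subject for the given identity and copies all of its principals
     * and credentials into the login subject, inside a privileged action.
     *
     * <p>The registry-authenticated id argument of
     * {@link #setPrincipalAndCredentials(Subject, String, String, String, String)} is passed as
     * {@code null}, so no user-id Hashtable is added on this path.
     *
     * @param str  first {@code WSPrincipal} argument (presumably the security name)
     * @param str2 second {@code WSPrincipal} argument (presumably the access id)
     * @param str3 third {@code WSPrincipal} argument (presumably the authentication method)
     * @throws LoginException if the privileged action fails with a checked exception; the
     *                        original exception is attached as the cause
     */
    void setUpSubject(final String str, final String str2, final String str3) throws LoginException {
        try {
            AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.ws.security.authentication.internal.jaas.modules.ServerCommonLoginModule.2
                // Fields surfaced by the decompiler; presumably injected by trace instrumentation.
                static final long serialVersionUID = -6116513221642715968L;
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass2.class);

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    ServerCommonLoginModule.this.temporarySubject = new Subject();
                    ServerCommonLoginModule.this.setPrincipalAndCredentials(ServerCommonLoginModule.this.temporarySubject, str, null, str2, str3);
                    ServerCommonLoginModule.this.subject.getPrincipals().addAll(ServerCommonLoginModule.this.temporarySubject.getPrincipals());
                    ServerCommonLoginModule.this.subject.getPublicCredentials().addAll(ServerCommonLoginModule.this.temporarySubject.getPublicCredentials());
                    ServerCommonLoginModule.this.subject.getPrivateCredentials().addAll(ServerCommonLoginModule.this.temporarySubject.getPrivateCredentials());
                    return null;
                }
            });
        } catch (PrivilegedActionException e) {
            // The three identity strings are handed to FFDC as context objects for the failure record.
            FFDCFilter.processException(e, "com.ibm.ws.security.authentication.internal.jaas.modules.ServerCommonLoginModule", "296", this, new Object[]{str, str2, str3});
            // Attach the cause; LoginException offers no constructor that takes one.
            LoginException loginException = new LoginException(e.getLocalizedMessage());
            loginException.initCause(e);
            throw loginException;
        }
    }

    /**
     * Reports whether the shared state marks this login as already processed, i.e. the value
     * stored under {@link Constants#ALREADY_PROCESSED} equals {@code "true"} ignoring case.
     *
     * @return {@code false} when there is no shared state or the flag is absent or not "true"
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isAlreadyProcessed() {
        return this.sharedState != null && "true".equalsIgnoreCase((String) this.sharedState.get(Constants.ALREADY_PROCESSED));
    }
}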
