package com.ibm.ws.webcontainer.security;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.SecurityService;
import com.ibm.ws.security.authentication.AuthenticationData;
import com.ibm.ws.security.authentication.AuthenticationException;
import com.ibm.ws.security.authentication.AuthenticationService;
import com.ibm.ws.security.authentication.WSAuthenticationData;
import com.ibm.ws.security.registry.RegistryException;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import java.util.Hashtable;
import java.util.Set;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

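/**
 * Helper that logs a web request in through the authentication service's
 * {@code "system.WEB_INBOUND"} entry, using login properties carried in a
 * {@link Hashtable} that sits in the private credentials of a {@link Subject}.
 *
 * <p>Security note: nothing in this class checks a password or any other secret.
 * {@link #loginWithUserName} only records the name it is given under the
 * {@code com.ibm.wsspi.security.cred.*} keys and hands the subject to the
 * authentication service. The identity must therefore have been verified before
 * the call. NOTE(review): presumably every caller is a trusted server component
 * that has already authenticated the user; confirm at each call site.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:lib/com.ibm.ws.webcontainer.security_1.0.12.cl50920160904-1225.jar:com/ibm/ws/webcontainer/security/WebProviderAuthenticatorHelper.class */
public class WebProviderAuthenticatorHelper {
    private static final TraceComponent tc = Tr.register(WebProviderAuthenticatorHelper.class);
    private final AtomicServiceReference<SecurityService> securityServiceRef;
    static final long serialVersionUID = -2515578849328032021L;

    /**
     * @param atomicServiceReference reference used to look up the {@link SecurityService} on every login
     */
    public WebProviderAuthenticatorHelper(AtomicServiceReference<SecurityService> atomicServiceReference) {
        this.securityServiceRef = atomicServiceReference;
    }

    /**
     * Logs in with a user name only (no password is involved in this method).
     *
     * @param httpServletRequest request passed to the authentication service as authentication data
     * @param httpServletResponse response passed to the authentication service as authentication data
     * @param str the user name to log in as; {@code null} yields a FAILURE result
     * @param subject subject to carry the login hashtable, or {@code null} to create a new one
     * @param hashtable login properties to extend, or {@code null} to create a new table
     * @param z when {@code true} only the {@code userId} key is recorded; when {@code false} the
     *          {@code securityName} and (if absent) {@code uniqueId} keys are recorded
     * @return SUCCESS with the authenticated subject, or FAILURE when the user name is
     *         {@code null} or the authentication service produced no subject
     */
    public AuthenticationResult loginWithUserName(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, Subject subject, Hashtable<String, Object> hashtable, boolean z) {
        // Fail closed before anything is placed in the subject: Hashtable.put rejects a
        // null value with a NullPointerException, which previously escaped to the caller.
        if (str == null) {
            return new AuthenticationResult(AuthResult.FAILURE, "user name is null");
        }
        Subject loginSubject = (subject != null) ? subject : new Subject();
        Hashtable<String, Object> credentials = (hashtable != null) ? hashtable : new Hashtable<String, Object>();

        updateHashtable(str, credentials, z, this.securityServiceRef.getService().getAuthenticationService());
        loginSubject.getPrivateCredentials().add(credentials);

        Subject authenticated = authenticateWithSubject(httpServletRequest, httpServletResponse, loginSubject);
        if (authenticated == null) {
            // NOTE(review): on this path the hashtable, including the keys added above, stays in
            // the private credentials of loginSubject; confirm callers discard that subject
            // after a failed login rather than reuse it.
            return new AuthenticationResult(AuthResult.FAILURE, "subject is null");
        }
        removeSecurityNameAndUniquedIdFromHashtable(authenticated, credentials, z);
        return new AuthenticationResult(AuthResult.SUCCESS, authenticated);
    }

    /**
     * Logs in with a subject whose login properties were prepared by the caller; this method
     * adds nothing to the subject.
     *
     * @return SUCCESS with the authenticated subject, or FAILURE when the authentication
     *         service produced no subject
     */
    public AuthenticationResult loginWithHashtable(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Subject subject) {
        Subject authenticated = authenticateWithSubject(httpServletRequest, httpServletResponse, subject);
        if (authenticated == null) {
            return new AuthenticationResult(AuthResult.FAILURE, "subject is null");
        }
        return new AuthenticationResult(AuthResult.SUCCESS, authenticated);
    }

    /**
     * Records the user name in the login hashtable. With {@code z} set, only the userId form is
     * written; otherwise the securityName is written and a uniqueId is derived when the table
     * does not already hold one.
     */
    private void updateHashtable(String str, Hashtable<String, Object> hashtable, boolean z, AuthenticationService authenticationService) {
        if (z) {
            addUserOnlyToHashTable(str, hashtable, authenticationService);
        } else {
            hashtable.put("com.ibm.wsspi.security.cred.securityName", str);
            // A uniqueId supplied by the caller is kept as-is.
            if (hashtable.get("com.ibm.wsspi.security.cred.uniqueId") == null) {
                addUniqueIdToHashtable(hashtable, str);
            }
        }
    }

    /**
     * Stores a uniqueId of the form {@code user:<realm>/<name>} in the hashtable.
     *
     * <p>If the registry lookup throws {@link RegistryException}, the failure is recorded through
     * FFDC and the literal realm {@code "defaultRealm"} is used instead.
     * NOTE(review): the name is concatenated unmodified, so a name containing {@code "/"} ends
     * up inside the uniqueId; verify that consumers of this value do not split it on that
     * character, and that the {@code "defaultRealm"} fallback is acceptable when the
     * registry is unavailable.
     */
    private void addUniqueIdToHashtable(Hashtable<String, Object> hashtable, String str) {
        String realm = "defaultRealm";
        try {
            realm = this.securityServiceRef.getService().getUserRegistryService().getUserRegistry().getRealm();
        } catch (RegistryException e) {
            FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.WebProviderAuthenticatorHelper", "122", this, new Object[]{hashtable, str});
        }
        hashtable.put("com.ibm.wsspi.security.cred.uniqueId", "user:" + realm + "/" + str);
    }

    /**
     * Stores the user name under the userId key. When the authentication service reports that
     * hashtable login with an id only is not allowed, the internal-assertion key is set to
     * {@code TRUE} as well.
     * NOTE(review): presumably that key marks the table as created by server code so the login
     * is still accepted; confirm against the login module that reads it.
     */
    private void addUserOnlyToHashTable(String str, Hashtable<String, Object> hashtable, AuthenticationService authenticationService) {
        boolean idOnlyAllowed = authenticationService.isAllowHashTableLoginWithIdOnly().booleanValue();
        if (!idOnlyAllowed) {
            hashtable.put("com.ibm.ws.authentication.internal.assertion", Boolean.TRUE);
        }
        hashtable.put("com.ibm.wsspi.security.cred.userId", str);
    }

    /**
     * Strips the securityName and uniqueId keys from the hashtable held in the subject's private
     * credentials. Nothing is done when {@code z} is set or the subject is read-only. The table
     * is put back only if other entries remain in it.
     */
    private void removeSecurityNameAndUniquedIdFromHashtable(Subject subject, Hashtable<String, ?> hashtable, boolean z) {
        if (z || subject.isReadOnly()) {
            return;
        }
        Set<Object> privateCredentials = subject.getPrivateCredentials();
        // Take the table out of the set before changing its contents, then re-add it.
        privateCredentials.remove(hashtable);
        hashtable.remove("com.ibm.wsspi.security.cred.uniqueId");
        hashtable.remove("com.ibm.wsspi.security.cred.securityName");
        if (!hashtable.isEmpty()) {
            privateCredentials.add(hashtable);
        }
    }

    /**
     * Calls the authentication service for the {@code "system.WEB_INBOUND"} entry.
     *
     * @return the authenticated subject, or {@code null} when an {@link AuthenticationException}
     *         was thrown; the exception is written to debug trace only, so callers cannot see
     *         the reason for the failure
     */
    @FFDCIgnore({AuthenticationException.class})
    private Subject authenticateWithSubject(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Subject subject) {
        try {
            AuthenticationData authenticationData = createAuthenticationData(httpServletRequest, httpServletResponse);
            return this.securityServiceRef.getService().getAuthenticationService().authenticate("system.WEB_INBOUND", authenticationData, subject);
        } catch (AuthenticationException e) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception when performing authenticateWithSubject.", e);
            }
            return null;
        }
    }

    /**
     * Wraps the request and response in the authentication data handed to the authentication
     * service. Protected, so subclasses can supply different data.
     */
    @Trivial
    protected AuthenticationData createAuthenticationData(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        WSAuthenticationData authenticationData = new WSAuthenticationData();
        authenticationData.set("HTTP_SERVLET_REQUEST", httpServletRequest);
        authenticationData.set("HTTP_SERVLET_RESPONSE", httpServletResponse);
        return authenticationData;
    }
}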
