package com.ibm.ws.security.common.auth.module;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.auth.WSPrincipal;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.WSCredentialImpl;
import com.ibm.ws.security.common.auth.util.Util;
import com.ibm.ws.security.core.ContextManagerFactory;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* loaded from: input_file:runtimes/com.ibm.ws.webservices.thinclient_6.1.0.jar:com/ibm/ws/security/common/auth/module/WSAdminClientLoginModuleImpl.class */
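/**
 * JAAS {@link LoginModule} that gathers a user id and password through the
 * configured {@link CallbackHandler}, wraps them in a {@link WSCredentialImpl},
 * derives a {@link WSPrincipal} from that credential and, on commit, attaches
 * both to the {@link Subject}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Nothing in this class checks the password against a user registry;
 *       {@link #login()} succeeds as soon as a credential object and a principal
 *       can be constructed. Presumably verification happens elsewhere (for
 *       example on the server the client later connects to) - confirm before
 *       relying on this module as an authentication decision point.</li>
 *   <li>The credential is built from the password and is stored in the Subject's
 *       <em>public</em> credential set. Whether {@code WSCredentialImpl} exposes
 *       the password to readers of that set cannot be determined from this file
 *       - verify against the credential implementation.</li>
 * </ul>
 *
 * <p>Instances hold per-login state and are not written for concurrent use.
 */
public class WSAdminClientLoginModuleImpl implements LoginModule {
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map<String, ?> sharedState;
    private Map<String, ?> options;
    private WSPrincipal principal;
    private WSCredential credential;
    private static final TraceComponent tc;
    // Cache slot for this class's own Class object (the pre-Java-5 compiled form of a class literal).
    static Class class$com$ibm$ws$security$common$auth$module$WSAdminClientLoginModuleImpl;
    // True once login() has built a credential and principal.
    private boolean succeeded = false;
    // True once commit() has attached them to the Subject.
    private boolean commitSucceeded = false;
    // Mirrors the "debug" module option; not read anywhere else in this class.
    protected boolean debug = false;

    /** Creates an uninitialized module; {@link #initialize} must be called before {@link #login()}. */
    public WSAdminClientLoginModuleImpl() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "WSAdminClientLoginModuleImpl()");
            Tr.exit(tc, "WSAdminClientLoginModuleImpl()");
        }
    }

    /**
     * Stores the JAAS-supplied collaborators and reads the {@code debug} option.
     *
     * @param subject the Subject to populate on commit
     * @param callbackHandler source of the user id and password; may be null, in which case
     *     {@link #login()} fails
     * @param sharedState state shared between the modules of the login configuration
     * @param options this module's configuration options; {@code debug=true} sets {@link #debug}
     */
    @Override
    public void initialize(
            Subject subject,
            CallbackHandler callbackHandler,
            Map<String, ?> sharedState,
            Map<String, ?> options) {
        if (tc.isEntryEnabled()) {
            // Trace only principals, the handler's class and map KEYS. JAAS shared state and
            // Subject credential sets can carry passwords or tokens placed there by other
            // modules, and their values must not reach the trace log. Also null-safe, so
            // enabling trace cannot turn a null argument into a NullPointerException.
            Tr.entry(tc, "initialize(subject principals = \""
                    + (subject == null ? "<null>" : String.valueOf(subject.getPrincipals()))
                    + "\", callbackHandler = \""
                    + (callbackHandler == null ? "<null>" : callbackHandler.getClass().getName())
                    + "\", sharedState keys = \"" + describeKeys(sharedState)
                    + "\", options keys = \"" + describeKeys(options) + "\")");
        }
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;
        // Tolerate a missing options map or a non-String value instead of failing initialization.
        Object debugOption = (options == null) ? null : options.get("debug");
        this.debug = debugOption instanceof String && "true".equalsIgnoreCase((String) debugOption);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "WSAdminClientLoginModuleImpl initialized");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initialize(subject, callbackHandler, sharedState, options)");
        }
    }

    /** Renders a map's key set for tracing without exposing its values. */
    private static String describeKeys(Map<String, ?> map) {
        return map == null ? "<null>" : String.valueOf(map.keySet());
    }

    /**
     * Prompts for user id and password and builds the credential and principal.
     *
     * <p>A null password is treated as an empty password. The attempt is rejected only when
     * both the user id and the password are absent.
     *
     * @return {@code true} when a credential and principal were created
     * @throws LoginException (as {@code WSLoginFailedException}) when no callback handler is
     *     configured, the handler fails, no authentication data is supplied, or the principal
     *     cannot be created
     */
    @Override
    public boolean login() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "login()");
        }
        this.succeeded = false;
        if (this.commitSucceeded) {
            // A previous login was committed and never logged out; drop it first.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The login module is in funny state, cleanup before starting a new login process.");
            }
            cleanup();
        }
        if (this.callbackHandler == null) {
            throw new WSLoginFailedException("No CallbackHandler available to gather authentication information from the user.");
        }
        NameCallback nameCallback = new NameCallback("Username: ");
        PasswordCallback passwordCallback = new PasswordCallback("Password: ", false);
        char[] password = null;
        try {
            try {
                this.callbackHandler.handle(new Callback[] {nameCallback, passwordCallback});
            } catch (IOException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.common.auth.module.WSAdminClientLoginModuleImpl.login", "191", this);
                Tr.error(tc, "security.jaas.callBackHandlerIOException", new Object[]{getClass().getName(), e});
                throw new WSLoginFailedException("java.io.IOException from CallbackHandler.handle()", e);
            } catch (UnsupportedCallbackException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.common.auth.module.WSAdminClientLoginModuleImpl.login", "196", this);
                Tr.error(tc, "security.jaas.callBackHandlerException", new Object[]{getClass().getName(), e.getCallback().toString(), e});
                throw new WSLoginFailedException(e.getCallback().toString() + " not supported by CallbackHandler to gather authentication information from the user", e);
            }
            String name = nameCallback.getName();
            // getPassword() already returns a private copy, so no second copy is made;
            // this one is wiped in the finally block below.
            password = passwordCallback.getPassword();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "uid = " + name);
                // Only the presence of a password is traced, never its value.
                Tr.debug(tc, "password = " + (password == null ? "<null>" : "XXXXXXXX"));
            }
            if (name == null && password == null) {
                throw new WSLoginFailedException("No authentication data.");
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Successfully gathered authentication information");
                Tr.debug(tc, "Using uid and password for authentication");
                Tr.debug(tc, "Authenticating \"" + name + "\"");
            }
            // The credential constructor takes the password as a String, so one immutable
            // copy necessarily stays on the heap until it is garbage collected.
            this.credential = new WSCredentialImpl("", name, password == null ? "" : String.valueOf(password));
            if (tc.isDebugEnabled()) {
                // NOTE(review): this relies on the credential's toString() not rendering the
                // password - confirm against WSCredentialImpl before enabling debug trace.
                Tr.debug(tc, "Credential after authentication: " + this.credential);
            }
            try {
                this.principal = ContextManagerFactory.getInstance().createPrincipal(this.credential);
            } catch (WSSecurityException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.common.auth.module.WSAdminClientLoginModuleImpl.login", "262", this);
                throw new WSLoginFailedException("Failed to create WSPrincipal", e);
            }
            this.succeeded = true;
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login(): status = " + this.succeeded);
            }
            return this.succeeded;
        } finally {
            // Wipe every mutable copy of the password on success and on failure alike.
            passwordCallback.clearPassword();
            if (password != null) {
                Arrays.fill(password, '\0');
            }
        }
    }

    /**
     * Attaches the principal and credential created by {@link #login()} to the Subject.
     *
     * <p>A failure while updating the Subject is logged and reported as {@code false};
     * it is not rethrown.
     *
     * @return {@code true} when the Subject now carries this module's principal and credential
     *     (or already did), {@code false} when login did not succeed or the commit failed
     */
    @Override
    public boolean commit() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "commit()");
        }
        boolean status;
        if (!this.succeeded) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Do not commit because of authentication failed.");
            }
            status = false;
        } else {
            if (this.commitSucceeded) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "It has been committed prior this call, nothing is done.");
                }
            } else {
                try {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Start committing the changes to the Subject ...");
                    }
                    if (this.credential != null && this.principal != null) {
                        // Run with this module's own permissions so that callers need not hold
                        // the permissions required to modify the Subject.
                        AccessController.doPrivileged(new PrivilegedAction<Object>() {
                            @Override
                            public Object run() {
                                if (!subject.getPrincipals().contains(principal)) {
                                    subject.getPrincipals().add(principal);
                                }
                                if (!subject.getPublicCredentials().contains(credential)) {
                                    subject.getPublicCredentials().add(credential);
                                }
                                return null;
                            }
                        });
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Change committed!");
                    }
                    this.commitSucceeded = true;
                } catch (Exception e) {
                    FFDCFilter.processException(e, "com.ibm.ws.security.common.auth.module.WSAdminClientLoginModuleImpl.commit", "339", this);
                    Tr.error(tc, "security.jaas.LoginModuleCommitError", new Object[]{getClass().getName(), e});
                    // Leave no half-populated Subject behind.
                    cleanup();
                    this.commitSucceeded = false;
                }
            }
            status = this.commitSucceeded;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "commit(): status = " + status);
        }
        return status;
    }

    /**
     * Discards all state of the current login attempt and removes this module's principal
     * and credential from the Subject.
     *
     * @return always {@code true}
     */
    @Override
    public boolean abort() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "abort()");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Cleanup the Subject, removes WSPrincipal and WSCredential from the Subject, reset all internal variables.");
            Tr.debug(tc, "Start cleanup ...");
        }
        cleanup();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Cleanup done.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "abort()");
        }
        return true;
    }

    /**
     * Removes this module's principal and credential from the Subject and destroys the
     * credential.
     *
     * @return always {@code true}
     */
    @Override
    public boolean logout() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "logout()");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Cleanup the Subject, removes WSPrincipal and WSCredential from the Subject, reset all internal variables.");
            Tr.debug(tc, "Start cleanup ...");
        }
        cleanup();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Cleanup done.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "logout()");
        }
        return true;
    }

    /**
     * Resets the module: clears the status flags, removes the principal and credential from
     * the Subject, destroys the credential and drops the references to both.
     *
     * <p>Each step is best-effort: a failure is recorded and the remaining steps still run,
     * so a partial failure cannot leave the credential alive.
     */
    private void cleanup() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "cleanup()");
        }
        this.succeeded = false;
        this.commitSucceeded = false;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Start removing WSPrinciapl, WSCredential, and CORBA Credentials from the Subject.");
            Tr.debug(tc, "Start removing ...");
        }
        AccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                try {
                    if (principal != null && subject.getPrincipals().contains(principal)) {
                        subject.getPrincipals().remove(principal);
                    }
                } catch (Exception e) {
                    // principal is non-null here: a null principal short-circuits the test above.
                    FFDCFilter.processException(e, "com.ibm.ws.security.common.auth.module.WSAdminClientLoginModuleImpl.run", "455", this);
                    Tr.error(tc, "security.jaas.removePrinException", new Object[]{getClass().getName(), principal.getName(), e});
                }
                if (credential == null) {
                    return null;
                }
                try {
                    if (subject.getPublicCredentials().contains(credential)) {
                        subject.getPublicCredentials().remove(credential);
                    }
                } catch (Exception e) {
                    FFDCFilter.processException(e, "com.ibm.ws.security.common.auth.module.WSAdminClientLoginModuleImpl.run", "464", this);
                    Tr.error(tc, "security.jaas.removeCredException", new Object[]{getClass().getName(), e});
                }
                try {
                    credential.destroy();
                } catch (Exception e) {
                    FFDCFilter.processException(e, "com.ibm.ws.security.common.auth.module.WSAdminClientLoginModuleImpl.run", "483", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Credential destroy failed");
                        Tr.debug(tc, Util.toString(e));
                    }
                }
                return null;
            }
        });
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Removed.");
        }
        this.principal = null;
        this.credential = null;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "cleanup()");
        }
    }

    /**
     * Loads a class by name, converting a lookup failure into a {@link NoClassDefFoundError}
     * that keeps the original exception as its cause.
     *
     * @param str fully qualified class name
     * @return the loaded class
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause() returns Throwable, so the error is built first and then thrown
            // under its own type.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        // Resolve this class once, cache it, and register the trace component with the
        // security message bundle.
        Class cls;
        if (class$com$ibm$ws$security$common$auth$module$WSAdminClientLoginModuleImpl == null) {
            cls = class$("com.ibm.ws.security.common.auth.module.WSAdminClientLoginModuleImpl");
            class$com$ibm$ws$security$common$auth$module$WSAdminClientLoginModuleImpl = cls;
        } else {
            cls = class$com$ibm$ws$security$common$auth$module$WSAdminClientLoginModuleImpl;
        }
        tc = Tr.register(cls, (String) null, "com.ibm.ejs.resources.security");
    }
}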
