package com.ibm.ISecurityLocalObjectCSIv2UtilityImpl;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.config.AuthMechanismConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.wsspi.management.agent.AdminSubsystemExtensionHandler;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import com.ibm.wsspi.wssecurity.platform.token.KRBAuthnToken;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Hashtable;
import javax.security.auth.Subject;
import org.aspectj.apache.bcel.Constants;

/* loaded from: input_file:wasJars/sas.jar:com/ibm/ISecurityLocalObjectCSIv2UtilityImpl/SecurityExecutionEnvironment.class */
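/**
 * Serializable snapshot of the identity attributes copied out of a {@link WSCredential}
 * (flags, realm, names, groups, credential token, expiration), plus the optional Kerberos
 * authentication token bytes, the managed node UUID and the user recorded before run-as.
 *
 * <p>The snapshot can be flattened with {@link #getBytes()} and rebuilt with
 * {@link #createFromBytes(byte[])}. The rebuilt object is taken at face value: every flag
 * and identity field comes straight from the byte stream, so the bytes must only ever be
 * accepted from a source whose integrity has already been established.
 *
 * <p>Security-relevant conventions kept by this class:
 * <ul>
 *   <li>credential bytes (credential token, Kerberos token, serialized form) are never
 *       written to trace, only a redaction marker;</li>
 *   <li>a credential that cannot be read yields an unauthenticated snapshot with no
 *       identity fields populated (fail closed).</li>
 * </ul>
 */
public final class SecurityExecutionEnvironment implements Serializable {
    private static final long serialVersionUID = 8804343014975817029L;
    private static final int VERSION_1 = 1;

    // The instance field names below are the keys of the serialized form
    // (see writeObject/readObject); renaming one breaks wire compatibility.
    private int _version = VERSION_1;
    private boolean _isServerCredential;
    private boolean _isUnauthenticatedCredential;
    private boolean _isBasicAuthCredential;
    private boolean _isForwardableCredential;
    private String _realm;
    private String _securityName;
    private String _accessId;
    private String _uniqueSecurityName;
    private ArrayList _groupIds;
    private String _oid;
    // For a basic-auth credential getLoginHashtable() treats these bytes as the password.
    private byte[] _credentialToken;
    private long _expiration;
    private String _clientUniqueId;
    private String _managedNodeUUID;
    private String _userBeforeRunAs;
    private byte[] _krbAuthnToken;

    // Resolved reflectively in the static initializer; both stay null when
    // com.ibm.websphere.management.AdminContext cannot be loaded.
    private static Class adminContextClz;
    private static Method peekMethod;
    private static final TraceComponent tc = Tr.register((Class<?>) SecurityExecutionEnvironment.class, "SASRas", "com.ibm.ISecurityL13SupportImpl.sec");
    private static final Class thisClass = SecurityExecutionEnvironment.class;

    /**
     * Returns a trace-safe stand-in for credential material.
     *
     * @param secret bytes that must not reach the trace log; may be {@code null}
     * @return {@code "null"} when {@code secret} is {@code null}, otherwise a fixed marker
     */
    private static String redactForTrace(byte[] secret) {
        return secret == null ? "null" : "<redacted>";
    }

    /**
     * Creates a snapshot with no credential data: only the managed node UUID and the
     * user-before-run-as are populated; every flag keeps its Java default.
     */
    public SecurityExecutionEnvironment() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, Constants.CONSTRUCTOR_NAME);
        }
        initializeManagedNodeUUID();
        initializeUserBeforeRunAs();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, Constants.CONSTRUCTOR_NAME, this);
        }
    }

    /**
     * Creates a snapshot from the credential held by {@code subject}.
     *
     * <p>When the active authentication mechanism is Kerberos and the subject carries a
     * Kerberos authentication token, the token bytes are captured only if the token
     * reports itself valid; an invalid token is skipped and only a debug message is
     * written.
     *
     * @param subject the subject whose credential and Kerberos token are read
     */
    public SecurityExecutionEnvironment(Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, Constants.CONSTRUCTOR_NAME, subject);
        }
        WSCredential credential = SubjectHelper.getWSCredentialFromSubject(subject);
        String clientUniqueId = ContextManagerFactory.getInstance().getClientUniqueIDForOutboundRequests(subject);
        if (AuthMechanismConfig.TYPE_KERBEROS.equals(SecurityObjectLocator.getSecurityConfig().getActiveAuthMechanism().getType())) {
            KRBAuthnToken krbToken = SubjectHelper.getKerberosAuthnTokenFromSubject(subject);
            if (krbToken != null) {
                if (krbToken.isTokenValid()) {
                    this._krbAuthnToken = krbToken.getTokenBytes();
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Falling back to LTPA for internal request! The krbAuthnToken was not added to the SEED because the token was invalid.");
                }
            }
        }
        initialize(credential, clientUniqueId);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, Constants.CONSTRUCTOR_NAME, this);
        }
    }

    /**
     * Creates a snapshot from an explicit credential.
     *
     * @param wSCredential the credential to copy from
     * @param str the client unique id to record alongside it
     */
    public SecurityExecutionEnvironment(WSCredential wSCredential, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, Constants.CONSTRUCTOR_NAME, new Object[]{wSCredential, str});
        }
        initialize(wSCredential, str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, Constants.CONSTRUCTOR_NAME, this);
        }
    }

    /**
     * Copies the credential attributes into this snapshot, then records the managed node
     * UUID and the user-before-run-as.
     *
     * <p>Any exception while reading the credential (including a {@code null} credential)
     * is logged and leaves the snapshot unauthenticated with no credential-derived state.
     *
     * @param wSCredential the credential to copy from
     * @param str the client unique id
     */
    private void initialize(WSCredential wSCredential, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, AdminSubsystemExtensionHandler.INITIALIZE, new Object[]{wSCredential, str});
        }
        try {
            this._isServerCredential = ContextManagerFactory.getInstance().isServerCred(wSCredential);
            this._isUnauthenticatedCredential = wSCredential.isUnauthenticated();
            this._isBasicAuthCredential = wSCredential.isBasicAuth();
            this._isForwardableCredential = wSCredential.isForwardable();
            this._realm = wSCredential.getRealmName();
            this._securityName = wSCredential.getSecurityName();
            this._accessId = wSCredential.getAccessId();
            this._uniqueSecurityName = wSCredential.getUniqueSecurityName();
            this._clientUniqueId = str;
            this._groupIds = wSCredential.getGroupIds();
            this._oid = wSCredential.getOID();
            this._credentialToken = wSCredential.getCredentialToken();
            this._expiration = wSCredential.getExpiration();
        } catch (Exception e) {
            Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.SecurityExecutionEnvironment", "225", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to build SecurityExecutionEnvrionment", e);
            }
            // Fail closed: discard whatever was copied before the failure so a half-built
            // snapshot cannot present as a server, basic-auth or forwardable identity
            // while also being flagged unauthenticated.
            this._isServerCredential = false;
            this._isBasicAuthCredential = false;
            this._isForwardableCredential = false;
            this._realm = null;
            this._securityName = null;
            this._accessId = null;
            this._uniqueSecurityName = null;
            this._groupIds = null;
            this._oid = null;
            this._isUnauthenticatedCredential = true;
            this._credentialToken = null;
            this._expiration = 1L;
        }
        initializeManagedNodeUUID();
        initializeUserBeforeRunAs();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, AdminSubsystemExtensionHandler.INITIALIZE);
        }
    }

    /**
     * Builds the attribute table used to log in with this snapshot.
     *
     * <ul>
     *   <li>Basic-auth credential: realm, user id and password (each only when non-null).</li>
     *   <li>Authenticated, non-server credential: unique id, realm, security name, groups,
     *       OID, forwardable flag and a cache key derived from the access id.</li>
     *   <li>Unauthenticated or server credential: {@code null}.</li>
     * </ul>
     *
     * @return the login attributes, or {@code null} for an unauthenticated or server credential
     */
    public Hashtable getLoginHashtable() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getLoginHashtable");
        }
        Hashtable hashtable = new Hashtable();
        if (this._isBasicAuthCredential) {
            if (this._realm != null) {
                hashtable.put(AttributeNameConstants.WSCREDENTIAL_REALM, this._realm);
            }
            if (this._securityName != null) {
                hashtable.put(AttributeNameConstants.WSCREDENTIAL_USERID, this._securityName);
            }
            if (this._credentialToken != null) {
                // NOTE(review): decodes with the platform default charset and leaves the
                // password in an immutable String; confirm the charset matches the one used
                // when the token bytes were produced.
                hashtable.put(AttributeNameConstants.WSCREDENTIAL_PASSWORD, new String(this._credentialToken));
            }
        } else if (!this._isUnauthenticatedCredential && !this._isServerCredential) {
            // Both entries below carry the access id, so it must be present as well:
            // Hashtable.put rejects a null value, and a cache key ending in "null" would
            // not be unique to one identity.
            boolean hasUniqueId = this._uniqueSecurityName != null && this._accessId != null;
            if (hasUniqueId) {
                hashtable.put(AttributeNameConstants.WSCREDENTIAL_UNIQUEID, this._accessId);
            }
            if (this._realm != null) {
                hashtable.put(AttributeNameConstants.WSCREDENTIAL_REALM, this._realm);
            }
            if (this._securityName != null) {
                hashtable.put(AttributeNameConstants.WSCREDENTIAL_SECURITYNAME, this._securityName);
            }
            if (this._groupIds != null) {
                hashtable.put(AttributeNameConstants.WSCREDENTIAL_GROUPS, this._groupIds);
            }
            if (this._oid != null) {
                hashtable.put(AttributeNameConstants.WSCREDENTIAL_OID, this._oid);
            }
            hashtable.put(AttributeNameConstants.WSCREDENTIAL_FORWARDABLE, this._isForwardableCredential ? "true" : "false");
            if (hasUniqueId) {
                hashtable.put(AttributeNameConstants.WSCREDENTIAL_CACHE_KEY, "WASSeedLoginCacheKey:" + this._accessId);
            }
        } else {
            // Unauthenticated or server credential: there is nothing to log in with.
            hashtable = null;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getLoginHashtable", hashtable);
        }
        return hashtable;
    }

    /** @return whether the source credential was identified as the server credential */
    public boolean isServerCredential() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isServerCredential");
            Tr.exit(tc, "isServerCredential", Boolean.valueOf(this._isServerCredential));
        }
        return this._isServerCredential;
    }

    /** @return whether this snapshot represents an unauthenticated caller */
    public boolean isUnauthenticatedCredential() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isUnauthenticatedCredential");
            Tr.exit(tc, "isUnauthenticatedCredential", Boolean.valueOf(this._isUnauthenticatedCredential));
        }
        return this._isUnauthenticatedCredential;
    }

    /** @return whether the source credential was a basic-auth credential */
    public boolean isBasicAuthCredential() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isBasicAuthCredential");
            Tr.exit(tc, "isBasicAuthCredential", Boolean.valueOf(this._isBasicAuthCredential));
        }
        return this._isBasicAuthCredential;
    }

    /** @return whether the source credential was marked forwardable */
    public boolean isForwardableCredential() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isForwardableCredential");
            Tr.exit(tc, "isForwardableCredential", Boolean.valueOf(this._isForwardableCredential));
        }
        return this._isForwardableCredential;
    }

    /** @return the realm name, or {@code null} when not set */
    public String getRealm() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRealm");
            Tr.exit(tc, "getRealm", this._realm);
        }
        return this._realm;
    }

    /** @return the security name, or {@code null} when not set */
    public String getSecurityName() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSecurityName");
            Tr.exit(tc, "getSecurityName", this._securityName);
        }
        return this._securityName;
    }

    /** @return the access id, or {@code null} when not set */
    public String getAccessId() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAccessId");
            Tr.exit(tc, "getAccessId", this._accessId);
        }
        return this._accessId;
    }

    /** @return the unique security name, or {@code null} when not set */
    public String getUniqueId() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUniqueId");
            // Must be an exit record so entry/exit stay paired in the trace.
            Tr.exit(tc, "getUniqueId", this._uniqueSecurityName);
        }
        return this._uniqueSecurityName;
    }

    /** @return the client unique id recorded at construction, or {@code null} */
    public String getClientUniqueId() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getClientUniqueId");
            Tr.exit(tc, "getClientUniqueId", this._clientUniqueId);
        }
        return this._clientUniqueId;
    }

    /**
     * @return the group id list held by this snapshot (the internal list, not a copy),
     *         or {@code null} when not set
     */
    public ArrayList getGroupIds() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getGroupIds");
            Tr.exit(tc, "getGroupIds", this._groupIds);
        }
        return this._groupIds;
    }

    /** @return the OID copied from the credential, or {@code null} when not set */
    public String getOID() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getOID");
            Tr.exit(tc, "getOID", this._oid);
        }
        return this._oid;
    }

    /**
     * @return the credential token bytes (the internal array, not a copy), or {@code null};
     *         for a basic-auth credential these bytes are used as the password
     */
    public byte[] getCredentialToken() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCredentialToken");
            // Never trace the token itself, whatever the credential type.
            Tr.exit(tc, "getCredentialToken", redactForTrace(this._credentialToken));
        }
        return this._credentialToken;
    }

    /** @return the credential expiration copied from the credential */
    public long getCredentialExpiration() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCredentialExpiration");
            Tr.exit(tc, "getCredentialExpiration", Long.valueOf(this._expiration));
        }
        return this._expiration;
    }

    /**
     * @return the Kerberos authentication token bytes (the internal array, not a copy),
     *         or {@code null} when none was captured
     */
    public byte[] getKrbAuthnToken() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKrbAuthnToken");
            // The token is a credential; keep it out of the trace log.
            Tr.exit(tc, "getKrbAuthnToken", redactForTrace(this._krbAuthnToken));
        }
        return this._krbAuthnToken;
    }

    /**
     * Serializes this snapshot with Java object serialization.
     *
     * <p>The result contains the credential token and Kerberos token in the clear; it is
     * neither encrypted nor integrity-protected by this method.
     *
     * @return the serialized bytes; if serialization fails the failure is logged and
     *         whatever was written so far (possibly nothing) is returned
     */
    public byte[] getBytes() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getBytes");
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(1024);
        try {
            new ObjectOutputStream(byteArrayOutputStream).writeObject(this);
        } catch (Exception e) {
            Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.getBytes", "424", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to serialize execution environment", e);
            }
        }
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        if (tc.isEntryEnabled()) {
            // The serialized form embeds the credential bytes, so it is redacted too.
            Tr.exit(tc, "getBytes", redactForTrace(byteArray));
        }
        return byteArray;
    }

    /**
     * Rebuilds a snapshot from bytes produced by {@link #getBytes()}.
     *
     * <p>SECURITY: this uses native Java deserialization with no class filtering. The
     * stream decides which classes are instantiated, and that happens before the cast to
     * this type is checked, so the input must come only from a sender that has already
     * been authenticated and whose data is integrity-protected. Where that cannot be
     * guaranteed, restrict the accepted classes (an {@code ObjectInputStream} subclass
     * overriding {@code resolveClass}, or {@code java.io.ObjectInputFilter} on JDKs that
     * provide it) before calling {@code readObject}.
     *
     * @param bArr the serialized snapshot
     * @return the rebuilt snapshot, or {@code null} when the bytes cannot be deserialized
     *         into this type (the failure is logged)
     */
    public static SecurityExecutionEnvironment createFromBytes(byte[] bArr) {
        if (tc.isEntryEnabled()) {
            // The input may embed a password or token; do not trace its content.
            Tr.entry(tc, "createFromBytes", redactForTrace(bArr));
        }
        SecurityExecutionEnvironment securityExecutionEnvironment = null;
        try {
            securityExecutionEnvironment = (SecurityExecutionEnvironment) new ObjectInputStream(new ByteArrayInputStream(bArr)).readObject();
        } catch (Exception e) {
            Manager.Ffdc.log(e, SecurityExecutionEnvironment.class, "com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.createFromBytes", "451");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to deserialize the execution environment", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createFromBytes", securityExecutionEnvironment);
        }
        return securityExecutionEnvironment;
    }

    /**
     * Writes every instance field by name through {@code PutField}, so the serialized
     * form is keyed by field name rather than by declaration order.
     *
     * @param objectOutputStream the stream being written
     * @throws IOException if the underlying stream fails
     */
    private void writeObject(ObjectOutputStream objectOutputStream) throws IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "writeObject", objectOutputStream);
        }
        ObjectOutputStream.PutField putFields = objectOutputStream.putFields();
        putFields.put("_version", this._version);
        putFields.put("_isServerCredential", this._isServerCredential);
        putFields.put("_isUnauthenticatedCredential", this._isUnauthenticatedCredential);
        putFields.put("_isBasicAuthCredential", this._isBasicAuthCredential);
        putFields.put("_isForwardableCredential", this._isForwardableCredential);
        putFields.put("_realm", this._realm);
        putFields.put("_securityName", this._securityName);
        putFields.put("_accessId", this._accessId);
        putFields.put("_uniqueSecurityName", this._uniqueSecurityName);
        putFields.put("_groupIds", this._groupIds);
        putFields.put("_oid", this._oid);
        putFields.put("_credentialToken", this._credentialToken);
        putFields.put("_expiration", this._expiration);
        putFields.put("_clientUniqueId", this._clientUniqueId);
        putFields.put("_managedNodeUUID", this._managedNodeUUID);
        putFields.put("_userBeforeRunAs", this._userBeforeRunAs);
        putFields.put("_krbAuthnToken", this._krbAuthnToken);
        objectOutputStream.writeFields();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "writeObject");
        }
    }

    /**
     * Reads the fields by name, substituting a default for any field the stream omits.
     * The default for the unauthenticated flag is {@code true}, so a stream that lacks it
     * yields an unauthenticated snapshot.
     *
     * <p>NOTE(review): values that are present are accepted as-is; there is no check of
     * {@code _version} and no cross-check between the flags and the identity fields.
     * Confirm the caller only deserializes bytes from a trusted peer.
     *
     * @param objectInputStream the stream being read
     * @throws IOException if the underlying stream fails
     * @throws ClassNotFoundException if a class named in the stream cannot be resolved
     */
    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "readObject", objectInputStream);
        }
        ObjectInputStream.GetField readFields = objectInputStream.readFields();
        this._version = readFields.get("_version", VERSION_1);
        this._isServerCredential = readFields.get("_isServerCredential", false);
        this._isUnauthenticatedCredential = readFields.get("_isUnauthenticatedCredential", true);
        this._isBasicAuthCredential = readFields.get("_isBasicAuthCredential", false);
        this._isForwardableCredential = readFields.get("_isForwardableCredential", false);
        this._realm = (String) readFields.get("_realm", (Object) null);
        this._securityName = (String) readFields.get("_securityName", (Object) null);
        this._accessId = (String) readFields.get("_accessId", (Object) null);
        this._uniqueSecurityName = (String) readFields.get("_uniqueSecurityName", (Object) null);
        this._groupIds = (ArrayList) readFields.get("_groupIds", (Object) null);
        this._oid = (String) readFields.get("_oid", (Object) null);
        this._credentialToken = (byte[]) readFields.get("_credentialToken", (Object) null);
        this._expiration = readFields.get("_expiration", 0L);
        this._clientUniqueId = (String) readFields.get("_clientUniqueId", (Object) null);
        this._managedNodeUUID = (String) readFields.get("_managedNodeUUID", (Object) null);
        this._userBeforeRunAs = (String) readFields.get("_userBeforeRunAs", (Object) null);
        this._krbAuthnToken = (byte[]) readFields.get("_krbAuthnToken", (Object) null);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "readObject");
        }
    }

    /**
     * Describes the snapshot for trace output. The security name, unique security name and
     * credential token are left out, and the Kerberos token appears only as a
     * present/absent marker.
     */
    @Override
    public String toString() {
        StringBuilder text = new StringBuilder(super.toString());
        text.append(";_isServerCredential=").append(this._isServerCredential);
        text.append(";_isUnauthenticatedCredential=").append(this._isUnauthenticatedCredential);
        text.append(";_isBasicAuthCredential=").append(this._isBasicAuthCredential);
        text.append(";_isForwardableCredential=").append(this._isForwardableCredential);
        text.append(":_realm=").append(this._realm);
        text.append(";_accessId=").append(this._accessId);
        text.append(";_clientUniqueId=").append(this._clientUniqueId);
        text.append(";_groupIds=").append(this._groupIds);
        text.append(";_oid=").append(this._oid);
        text.append(";_expiration=").append(this._expiration);
        text.append(";_managedNodeUUID=").append(this._managedNodeUUID);
        text.append(";_userBeforeRunAs=").append(this._userBeforeRunAs);
        // Appending the array itself would only print its identity hash.
        text.append(";_krbAuthnToken=").append(redactForTrace(this._krbAuthnToken));
        return text.toString();
    }

    /** @return the managed node UUID captured at construction, or {@code null} */
    public String getManagedNodeUUID() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getManagedNodeUUID");
            Tr.exit(tc, "getManagedNodeUUID", this._managedNodeUUID);
        }
        return this._managedNodeUUID;
    }

    /** Records the value returned by {@link #peekAdminContext()} as the managed node UUID. */
    private void initializeManagedNodeUUID() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeManagedNodeUUID");
        }
        this._managedNodeUUID = peekAdminContext();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeManagedNodeUUID", this._managedNodeUUID);
        }
    }

    /** @return the user recorded before run-as, or {@code null} when it could not be read */
    public String getUserBeforeRunAs() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUserBeforeRunAs");
            Tr.exit(tc, "getUserBeforeRunAs", this._userBeforeRunAs);
        }
        return this._userBeforeRunAs;
    }

    /**
     * Reads the user-before-run-as from the context manager. A failure is logged and
     * leaves the field unchanged.
     */
    private void initializeUserBeforeRunAs() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeUserBeforeRunAs");
        }
        try {
            this._userBeforeRunAs = ContextManagerFactory.getInstance().getUserBeforeRunAs();
        } catch (Exception e) {
            Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.initializeUserBeforeRunAs", "632", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to get user before runAs was called", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeUserBeforeRunAs", this._userBeforeRunAs);
        }
    }

    /**
     * Invokes the static {@code peek} method of
     * {@code com.ibm.websphere.management.AdminContext} reflectively.
     *
     * @return the value returned by {@code peek}, or {@code null} when the method was not
     *         resolved at class-load time or the invocation fails (failures are logged)
     */
    public static String peekAdminContext() {
        if (peekMethod == null) {
            // AdminContext was not available when this class loaded. Returning here
            // avoids logging a NullPointerException incident on every call.
            return null;
        }
        try {
            return (String) peekMethod.invoke(null, new Object[0]);
        } catch (Throwable th) {
            Manager.Ffdc.log(th, thisClass, "com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.peekAdminContext", "%C");
            return null;
        }
    }

    static {
        adminContextClz = null;
        peekMethod = null;
        try {
            adminContextClz = Class.forName("com.ibm.websphere.management.AdminContext");
            peekMethod = adminContextClz.getMethod("peek", new Class[0]);
        } catch (Throwable th) {
            // Best effort: without AdminContext, peekAdminContext() simply returns null.
            // The reason is recorded at debug level so the absence can be diagnosed.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "AdminContext.peek is not available", th);
            }
        }
    }
}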
