package com.ibm.ws.security.web;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.csi.CSIException;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.WSSecurityHelper;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.runtime.deploy.DeployedModule;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.core.SecurityConfig;
import com.ibm.ws.security.core.WSAccessManager;
import com.ibm.ws.security.delegation.Delegation;
import com.ibm.ws.security.delegation.DelegationFactory;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.security.util.Constants;
import com.ibm.ws.security.util.ServerIdentityHelper;
import com.ibm.ws.security.zOS.threadid.ThreadIdentityManager;
import com.ibm.ws.sm.workspace.impl.WorkSpaceConstant;
import com.ibm.ws.threadContext.ComponentMetaDataAccessorImpl;
import com.ibm.wsspi.security.token.PropagationToken;
import com.ibm.wsspi.wswebcontainer.metadata.WebComponentMetaData;
import com.ibm.wsspi.wswebcontainer.metadata.WebModuleMetaData;
import java.io.IOException;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Enumeration;
import java.util.Map;
import javax.security.auth.Subject;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jst.j2ee.internal.web.operations.CreateServletTemplateModel;
import org.eclipse.jst.j2ee.webapplication.WebApp;
import org.eclipse.jst.jsp.core.internal.java.JSPTranslator;

/* loaded from: input_file:com.ibm.ws.admin.client_6.1.0.jar:com/ibm/ws/security/web/EJSWebCollaborator.class */
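/**
 * Web security collaborator that brackets a web component invocation: the
 * {@code preInvoke} overloads capture the security state currently on the thread
 * (invocation subject, caller subject, propagation tokens), optionally authorize
 * the request and apply delegation, and {@link #postInvoke(Object)} puts the
 * captured state back.
 *
 * <p>This source is decompiler output. Several constructs below were repaired so that
 * they are valid Java again (anonymous privileged actions, the raw-typed token loop,
 * the {@code class$} helper); the control flow of the security decisions is unchanged.
 *
 * <p>Trace hygiene: debug trace produced here contains request data and subject
 * descriptions. Header values that carry credentials are redacted before tracing, and
 * parameter masking is locale-independent. Trace output should still be handled as
 * sensitive data.
 */
public class EJSWebCollaborator extends WebCollaborator implements WebSecurityCollaborator {
    private static final TraceComponent tc;

    /**
     * Request headers whose values are credentials or session tokens. Their values are
     * never written to trace; only the header name is.
     */
    private static final String[] SENSITIVE_HEADER_NAMES = {"Authorization", "Proxy-Authorization", "Cookie"};

    /** Placeholder written to trace in place of a sensitive value. */
    private static final String REDACTED_VALUE = "[XXXXXXXX]";

    // Assigned in init(); stays null if init() fails, because init() logs and swallows errors.
    private Delegation delegationPolicy;
    // Synthetic cache for the class literal (pre-Java-5 compiler idiom); kept for compatibility.
    static Class class$com$ibm$ws$security$web$EJSWebCollaborator;
    private final ContextManager contextManager = ContextManagerFactory.getInstance();
    // Only assigned in init() when the platform helper reports z/OS.
    private ThreadIdentityManager threadIdManager = null;
    private WebAppCache webCache = new WebAppCache();

    /**
     * Creates the collaborator and runs {@link #init()}.
     *
     * @throws Exception declared by the original signature; {@code init()} itself catches
     *                   and logs every exception it encounters
     */
    public EJSWebCollaborator() throws Exception {
        // NOTE(review): init() is public and overridable and is called from the constructor.
        init();
    }

    /**
     * Returns the per-collaborator web application cache.
     *
     * @return the cache instance created with this collaborator
     */
    @Override // com.ibm.ws.security.web.WebCollaborator
    protected WebAppCache getWebCache() {
        return this.webCache;
    }

    /**
     * Clears the caller context held by the context manager.
     *
     * @return always {@code null}
     * @throws WebSecurityException carrying a {@link DenyReply} if the caller context
     *                              cannot be cleared
     */
    @Override // com.ibm.ws.security.web.WebSecurityCollaborator
    public Object preInvoke() throws WebSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "preInvoke");
        }
        try {
            this.contextManager.clearCallerContext();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "preInvoke", null);
            }
            return null;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.web.EJSWebCollaborator.preInvoke", "173", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "preInvoke", e);
            }
            // Fail closed: a caller context that cannot be cleared denies the request.
            throw new WebSecurityException(e.getMessage(), new DenyReply("Unable to clear caller context."), null);
        }
    }

    /**
     * Captures the current security state, authorizes the request when enforcement is
     * requested, applies delegation and (on z/OS) synchronizes the OS thread identity.
     *
     * <p>The resource key used for authorization, delegation and cache look-ups is
     * {@code str2 + ":" + str}.
     *
     * @param httpServletRequest  the request; may be {@code null}, in which case the
     *                            authorization step is skipped
     * @param httpServletResponse the response the authorization reply is written to
     * @param str                 second component of the resource key
     * @param str2                first component of the resource key
     * @param str3                passed through to the delegation policy
     * @param z                   when {@code true}, authorization and delegation are applied
     * @return the {@link WebSecurityContext} to hand to {@link #postInvoke(Object)}
     * @throws WebSecurityException if metadata cannot be read, authorization replies with a
     *                              status other than 200, or the delegated subject cannot be set
     * @throws IOException          declared by the interface
     */
    @Override // com.ibm.ws.security.web.WebSecurityCollaborator
    public Object preInvoke(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, String str3, boolean z) throws WebSecurityException, IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "preInvoke", new Object[]{httpServletRequest, httpServletResponse, str, str2, str3, Boolean.valueOf(z)});
        }
        if (tc.isDebugEnabled() && httpServletRequest != null) {
            // Header dump redacts credential-bearing headers; see debugGetAllHttpHdrs.
            Tr.debug(tc, new StringBuffer().append("Http Header names and values:\n").append(debugGetAllHttpHdrs(httpServletRequest)).toString());
            StringBuffer paths = new StringBuffer();
            paths.append(" Request Context Path=").append(httpServletRequest.getContextPath());
            paths.append(", Servlet Path=").append(httpServletRequest.getServletPath());
            paths.append(", Path Info=").append(httpServletRequest.getPathInfo());
            Tr.debug(tc, paths.toString());
        }

        // Snapshot of the state on the thread before this invocation changes it.
        Subject invocationSubject = null;
        Subject callerSubject = null;
        Map propagationTokens = null;
        try {
            invocationSubject = this.contextManager.getInvocationSubject();
            callerSubject = this.contextManager.getCallerSubject();
            propagationTokens = this.contextManager.getPropagationTokens();
        } catch (WSSecurityException e) {
            // NOTE(review): processing continues with whatever was read so far (possibly
            // null subjects); confirm the later authorization step treats that as unauthenticated.
            FFDCFilter.processException(e, "com.ibm.ws.security.web.EJSWebCollaborator.preInvoke", "239", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught unexpected exception", e);
            }
        }
        WebSecurityContext webSecurityContext = new WebSecurityContext(invocationSubject, callerSubject, propagationTokens);

        // Inherited helper (not visible here); when it reports a change, re-read the subject.
        if (SetUnauthenticatedSubjectIfNeeded(invocationSubject, callerSubject)) {
            try {
                invocationSubject = this.contextManager.getInvocationSubject();
            } catch (WSSecurityException e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.web.EJSWebCollaborator.preInvoke", "258", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Caught unexpected exception", e2);
                }
            }
        }

        String resourceKey = new StringBuffer().append(str2).append(":").append(str).toString();
        String moduleName = "";
        String appName = "";
        if (z || this.contextManager.getPlatformHelper().isZOS()) {
            try {
                WebComponentMetaData componentMetaData = ComponentMetaDataAccessorImpl.getComponentMetaDataAccessor().getComponentMetaData();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "WebComponentMetaData", componentMetaData);
                }
                if (componentMetaData != null) {
                    WebModuleMetaData moduleMetaData = componentMetaData.getModuleMetaData();
                    moduleName = moduleMetaData.getConfiguration().getModuleName();
                    appName = moduleMetaData.getApplicationMetaData().getName();
                    boolean isServerSecurityEnabled = WSSecurityHelper.isServerSecurityEnabled();
                    boolean isAdminApp = WSAccessManager.checkIfAdminApp(appName);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "preInvoke", new StringBuffer().append("app_name=").append(appName).append(" isAdminApp=").append(isAdminApp).append(" isAppSecurityOn=").append(isServerSecurityEnabled).toString());
                    }
                    // Authorization bypass by configuration: only taken when security is
                    // reported disabled AND the application is not an admin application.
                    if (!isServerSecurityEnabled && !isAdminApp) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "preInvoke", "Skip authorization for non-system apps when app security is disabled.");
                        }
                        return webSecurityContext;
                    }
                }
            } catch (Exception e3) {
                // Fail closed: without metadata the application cannot be identified.
                Tr.error(tc, "security.web.compmetadata.error", new Object[]{str, e3});
                FFDCFilter.processException(e3, "com.ibm.ws.security.web.EJSWebCollaborator.preInvoke", "302", this);
                throw new WebSecurityException(e3.getMessage(), new DenyReply("Unable to get WebComponentMetaData object."), webSecurityContext);
            }
        }

        if (httpServletRequest != null && z) {
            WebReply reply;
            if (SecurityConfig.isJACCEnabled()) {
                reply = authorizeForJACC(httpServletRequest, httpServletResponse, resourceKey, true, moduleName, appName);
            } else {
                reply = authorize(httpServletRequest, httpServletResponse, resourceKey, true, appName);
            }
            // Any status other than 200 is surfaced as a denial with the captured context attached.
            if (reply.getStatusCode() != 200) {
                throw new WebSecurityException(reply.message, reply, webSecurityContext);
            }
            reply.writeResponse(httpServletResponse);
        }

        Subject authenticatedCaller = null;
        try {
            authenticatedCaller = this.contextManager.getCallerSubject();
        } catch (WSSecurityException e4) {
            FFDCFilter.processException(e4, "com.ibm.ws.security.web.EJSWebCollaborator.preInvoke", "336", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught unexpected exception", e4);
            }
        }

        Subject delegatedSubject = null;
        if (z) {
            delegatedSubject = delegate(authenticatedCaller, resourceKey, str3, appName);
        }
        if (delegatedSubject != null) {
            try {
                this.contextManager.setInvocationSubject(delegatedSubject);
                invocationSubject = delegatedSubject;
            } catch (Exception e5) {
                FFDCFilter.processException(e5, "com.ibm.ws.security.web.EJSWebCollaborator.preInvoke", "358", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Unexpected exception when setting the invocation subject", e5);
                }
                throw new WebSecurityException(null, new DenyReply("DelgationFailed"), webSecurityContext);
            }
        }

        if (this.contextManager.getPlatformHelper().isZOS()) {
            // NOTE(review): threadIdManager is null if init() failed; this would then throw.
            boolean appSyncEnabled = this.threadIdManager.isThreadLocalApplicationSyncEnabled();
            webSecurityContext.setSyncToThreadToken(setOSThreadIdentity(invocationSubject, resourceKey, appSyncEnabled, appName));
            webSecurityContext.setAppSyncToOSThreadEnabled(appSyncEnabled);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "preInvoke", webSecurityContext);
        }
        return webSecurityContext;
    }

    /**
     * Variant without a request: captures the current security state, switches the
     * invocation subject to the server subject inside a privileged action, and then runs
     * the six-argument {@code preInvoke} with a {@code null} request and response and
     * enforcement enabled. Because the request is {@code null}, that call performs no
     * authorization; it applies delegation and the z/OS thread identity handling.
     *
     * @param str  second component of the resource key
     * @param str2 first component of the resource key
     * @param str3 passed through to the delegation policy
     * @return a context holding the state captured <em>before</em> the switch to the server
     *         subject, plus the sync-to-thread values produced by the nested call
     * @throws WebSecurityException if the state cannot be read or the server subject cannot be set
     * @throws IOException          declared by the interface
     */
    @Override // com.ibm.ws.security.web.WebSecurityCollaborator
    public Object preInvoke(String str, String str2, String str3) throws WebSecurityException, IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "preInvoke", new Object[]{str, str2, str3});
        }
        try {
            WebSecurityContext webSecurityContext = new WebSecurityContext(this.contextManager.getInvocationSubject(), this.contextManager.getCallerSubject(), this.contextManager.getPropagationTokens());
            try {
                AccessController.doPrivileged(new PrivilegedExceptionAction() {
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        EJSWebCollaborator.this.contextManager.setInvocationSubject(EJSWebCollaborator.this.contextManager.getServerSubject());
                        return null;
                    }
                });
                // NOTE(review): if the nested call throws, the server subject set above is not
                // rolled back in this method, and the exception carries the nested context
                // (captured after the switch) rather than webSecurityContext. Confirm the
                // caller restores the thread's subject on that path.
                WebSecurityContext nestedContext = (WebSecurityContext) preInvoke(null, null, str, str2, str3, true);
                webSecurityContext.setSyncToThreadToken(nestedContext.getSyncToThreadToken());
                webSecurityContext.setAppSyncToOSThreadEnabled(nestedContext.isAppSyncToOSThreadEnabled());
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "preInvoke", webSecurityContext);
                }
                return webSecurityContext;
            } catch (PrivilegedActionException e) {
                FFDCFilter.processException(e.getException(), "com.ibm.ws.security.EJSWebCollaborator", "442", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception setting ServerSubject on thread : ", new Object[]{e.getException()});
                }
                throw new WebSecurityException(e.getException().getMessage(), new DenyReply("Exception setting ServerSubject on thread"));
            }
        } catch (WSSecurityException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.web.EJSWebCollaborator.preInvoke", "421", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught unexpected exception", e2);
            }
            throw new WebSecurityException(e2.getMessage(), new DenyReply("Unexpected exception in CntextManager."));
        }
    }

    /**
     * Restores the security state captured by {@code preInvoke}: invocation subject, caller
     * subject, each propagation token and, on z/OS, the thread identity settings. Does
     * nothing when security is disabled or {@code obj} is {@code null}.
     *
     * @param obj the {@link WebSecurityContext} returned by {@code preInvoke}
     * @throws WebSecurityException declared by the interface; failures during the restore
     *                              are logged and not rethrown
     */
    @Override // com.ibm.ws.security.web.WebSecurityCollaborator
    public void postInvoke(Object obj) throws WebSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "postInvoke", obj);
        }
        if (this.securityEnabled && obj != null) {
            WebSecurityContext webSecurityContext = (WebSecurityContext) obj;
            try {
                Subject invokedSubject = webSecurityContext.getInvokedSubject();
                Subject receivedSubject = webSecurityContext.getReceivedSubject();
                Map propagationTokens = webSecurityContext.getPropagationTokens();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Resetting invoked: ").append(getPrivTraceData(invokedSubject)).append(" and received: ").append(getPrivTraceData(receivedSubject)).append("subjects").toString());
                }
                this.contextManager.setInvocationSubject(invokedSubject);
                this.contextManager.setCallerSubject(receivedSubject);
                if (propagationTokens != null) {
                    // The map is raw-typed, so keys are iterated as Object and cast explicitly.
                    for (Object key : propagationTokens.keySet()) {
                        String tokenName = (String) key;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, new StringBuffer().append("Resetting propagation token: ").append(tokenName).toString());
                        }
                        this.contextManager.setPropagationToken(tokenName, (PropagationToken) propagationTokens.get(tokenName));
                    }
                }
                if (this.contextManager.getPlatformHelper().isZOS()) {
                    this.threadIdManager.setThreadLocalApplicationSyncEnabled(webSecurityContext.isAppSyncToOSThreadEnabled());
                    Object syncToThreadToken = webSecurityContext.getSyncToThreadToken();
                    if (syncToThreadToken != null) {
                        this.threadIdManager.restoreLocalOSThreadID(syncToThreadToken);
                    }
                }
            } catch (Exception e) {
                // NOTE(review): a failed restore is only logged, so the thread may keep the
                // subject installed by preInvoke. Worth an alert on this FFDC probe ("516").
                FFDCFilter.processException(e, "com.ibm.ws.security.web.EJSWebCollaborator.postInvoke", "516", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Caught unexpected exception", e);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "postInvoke");
        }
    }

    /**
     * Asks the delegation policy for the subject the component should run as.
     *
     * @param subject the caller subject
     * @param str     the resource key
     * @param str2    passed through to the delegation policy
     * @param str3    the application name used for the cache look-up
     * @return the subject returned by the delegation policy; may be {@code null}
     * @throws CSIException declared by the original signature
     */
    private Subject delegate(Subject subject, String str, String str2, String str3) throws CSIException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "delegate", new Object[]{getPrivTraceData(subject), str, str2, str3});
        }
        Subject delegated = this.delegationPolicy.delegate(subject, str, this.webCache.getWebAccessContext(str3, str), str2);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "delegate", getPrivTraceData(delegated));
        }
        return delegated;
    }

    /**
     * Turns a {@link WebSecurityException} into an HTTP response. A reply with status 500
     * is rethrown as a {@link ServletException} with a generic localized message; every
     * other reply is written to the response.
     *
     * @param httpServletRequest   the request (traced only)
     * @param httpServletResponse  the response the reply is written to
     * @param webSecurityException the failure raised by {@code preInvoke}
     * @throws ServletException when the reply status is 500
     * @throws IOException      declared by the interface
     */
    @Override // com.ibm.ws.security.web.WebSecurityCollaborator
    public void handleException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, WebSecurityException webSecurityException) throws ServletException, IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handleException", new Object[]{httpServletRequest, httpServletResponse, webSecurityException});
        }
        WebReply webReply = webSecurityException.getWebReply();
        if (webReply.getStatusCode() == 500) {
            ServletException servletException = new ServletException(Constants.nls.getString("security.web.internalservererror", "Internal Server Error"), webSecurityException);
            if (tc.isEntryEnabled()) {
                // Exit name now matches the entry name so entry/exit pairs line up in trace.
                Tr.exit(tc, "handleException", servletException);
            }
            throw servletException;
        }
        webReply.writeResponse(httpServletResponse);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "handleException");
        }
    }

    /**
     * Creates the authorization manager, obtains the delegation policy and, on z/OS, the
     * thread identity manager. Exceptions are logged and swallowed, so a failed
     * initialization leaves the corresponding fields {@code null}.
     */
    public void init() {
        // CreateServletTemplateModel.INIT is a constant substituted by the decompiler;
        // presumably the original literal was the method name - TODO confirm.
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, CreateServletTemplateModel.INIT);
        }
        try {
            createAuthorizationManager();
            this.delegationPolicy = DelegationFactory.getDelegation();
            if (this.contextManager.getPlatformHelper().isZOS()) {
                this.threadIdManager = ThreadIdentityManager.getThreadIdentityManager();
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.web.EJSWebCollaborator.init", "589", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unexpected exception", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, CreateServletTemplateModel.INIT);
        }
    }

    /**
     * Registers a web application's security configuration with this collaborator.
     *
     * @param str    passed as the second argument of {@code addWebApp}
     * @param webApp the web application descriptor
     * @param str2   passed as the first argument of {@code addWebApp}
     * @param obj    the deployed module; must be a {@link DeployedModule}
     * @throws WebSecurityConfigException if registration fails for any reason, including
     *                                    {@code obj} having the wrong type
     */
    @Override // com.ibm.ws.security.web.WebSecurityCollaborator
    public void addWebAppConfig(String str, WebApp webApp, String str2, Object obj) throws WebSecurityConfigException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addWebAppConfig", new Object[]{str, webApp, str2, obj});
        }
        try {
            addWebApp(str2, str, webApp, (DeployedModule) obj);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.web.EJSWebCollaborator.addWebAppConfig", "597", this);
            throw new WebSecurityConfigException(e.getMessage(), null);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addWebAppConfig");
        }
    }

    /**
     * Formats all request parameters for debug trace, one {@code name=[value]} entry per
     * parameter. Values of parameters whose name contains "password" are masked, for
     * single-valued and multi-valued parameters alike.
     *
     * @param httpServletRequest the request to describe
     * @return the formatted parameter list
     */
    private String debugGetAllParms(HttpServletRequest httpServletRequest) {
        // WorkSpaceConstant.FIELD_SEPERATOR and JSPTranslator.ENDL are constants substituted
        // by the decompiler; presumably "[" and a line break - TODO confirm.
        StringBuffer out = new StringBuffer(512);
        Enumeration parameterNames = httpServletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String name = (String) parameterNames.nextElement();
            out.append(name).append("=");
            // Fixed locale: with the default locale the match could miss (e.g. dotless i
            // under a Turkish locale) and the value would be traced in clear.
            boolean secret = name.toLowerCase(java.util.Locale.ENGLISH).indexOf("password") != -1;
            String[] values = httpServletRequest.getParameterValues(name);
            if (values == null) {
                out.append("[No Value]\n");
                continue;
            }
            if (values.length == 1) {
                String value = values[0];
                if (value.length() == 0) {
                    out.append("[No Value]\n");
                } else if (secret) {
                    out.append(REDACTED_VALUE).append("\n");
                } else {
                    out.append(WorkSpaceConstant.FIELD_SEPERATOR).append(value).append("]\n");
                }
            } else {
                for (String value : values) {
                    if (secret) {
                        out.append(REDACTED_VALUE).append(" ");
                    } else {
                        out.append(WorkSpaceConstant.FIELD_SEPERATOR).append(value).append("] ");
                    }
                }
                out.append(JSPTranslator.ENDL);
            }
        }
        return out.toString();
    }

    /**
     * Formats all request headers for debug trace. Values of credential-bearing headers
     * (see {@link #SENSITIVE_HEADER_NAMES}) are replaced by a placeholder so that tokens
     * and passwords do not end up in trace files.
     *
     * @param httpServletRequest the request to describe
     * @return the formatted header list; possibly partial if reading headers failed
     */
    private String debugGetAllHttpHdrs(HttpServletRequest httpServletRequest) {
        StringBuffer out = new StringBuffer(512);
        try {
            Enumeration headerNames = httpServletRequest.getHeaderNames();
            while (headerNames.hasMoreElements()) {
                String name = (String) headerNames.nextElement();
                out.append(name).append("=");
                if (isSensitiveHeader(name)) {
                    out.append(REDACTED_VALUE).append("\n");
                } else {
                    out.append(WorkSpaceConstant.FIELD_SEPERATOR).append(WebAuthenticator.getHeader(httpServletRequest, name)).append("]\n");
                }
            }
        } catch (Throwable ignored) {
            // Best effort: this only feeds debug trace, so a failure must not affect the request.
        }
        return out.toString();
    }

    /** Reports whether a header's value must be kept out of trace (case-insensitive name match). */
    private static boolean isSensitiveHeader(String name) {
        if (name == null) {
            return false;
        }
        for (int i = 0; i < SENSITIVE_HEADER_NAMES.length; i++) {
            if (SENSITIVE_HEADER_NAMES[i].equalsIgnoreCase(name)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Applies the application's sync-to-OS-thread setting for the web resource.
     *
     * @param subject the invocation subject
     * @param str     the resource key
     * @param z       current thread-local application sync setting; when the application has
     *                sync disabled and this is {@code true}, the server identity is pushed
     * @param str2    the application name used for the cache look-up
     * @return the token returned by the identity change, or {@code null} if none was made
     * @throws CSIException declared by the original signature
     */
    private Object setOSThreadIdentity(Subject subject, String str, boolean z, String str2) throws CSIException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setOSThreadIdentity", new Object[]{subject, str, Boolean.valueOf(z), str2});
        }
        Object token = null;
        WebAttributes webAttributes = this.webCache.getWebAccessContext(str2, str).getWebAttributes();
        if (webAttributes != null) {
            boolean appSyncEnabled = webAttributes.isApplicationSyncToOSThreadEnabled();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Sync to thread enabled: ").append(appSyncEnabled).toString());
            }
            // NOTE(review): the decompiler lost the guarded region of this try; as written the
            // handler is unreachable and exceptions from the calls below propagate. The
            // original most likely wrapped those calls - verify against the class file
            // before relying on either behaviour.
            try {
            } catch (Throwable th) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Unexpected exception", th);
                }
            }
            if (appSyncEnabled) {
                token = this.threadIdManager.setAppLocalOSThreadID(subject);
            } else {
                if (z) {
                    token = ServerIdentityHelper.getServerIdentityHelper().push();
                }
                this.threadIdManager.setThreadLocalApplicationSyncEnabled(appSyncEnabled);
            }
            this.threadIdManager.setThreadLocalApplicationSyncEnabled(appSyncEnabled);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setOSThreadIdentity", token);
        }
        return token;
    }

    /**
     * Returns {@code obj.toString()} evaluated inside a privileged action, for use in trace.
     *
     * @param obj the object to describe; may be {@code null}
     * @return the string form, {@code null} for a {@code null} argument, or a short error
     *         text if {@code toString()} threw
     */
    private static String getPrivTraceData(Object obj) {
        if (obj == null) {
            return null;
        }
        // NOTE(review): for a Subject, a privileged toString() may include the string form
        // of private credentials; confirm what the credential classes print.
        final Object target = obj;
        try {
            return (String) AccessController.doPrivileged(new PrivilegedAction() {
                @Override // java.security.PrivilegedAction
                public Object run() {
                    return target.toString();
                }
            });
        } catch (Exception e) {
            return new StringBuffer().append("Exception in toString: ").append(e.getMessage()).toString();
        }
    }

    /**
     * Compiler-generated helper that resolves a class literal by name.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; the cause is preserved
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, so it cannot be thrown directly from this method.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class cls;
        if (class$com$ibm$ws$security$web$EJSWebCollaborator == null) {
            cls = class$("com.ibm.ws.security.web.EJSWebCollaborator");
            class$com$ibm$ws$security$web$EJSWebCollaborator = cls;
        } else {
            cls = class$com$ibm$ws$security$web$EJSWebCollaborator;
        }
        // Registers this class with the trace service under the "Security" group.
        tc = Tr.register(cls, "Security", (String) null);
    }
}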
