package com.ibm.ws.security.server.lm;

import com.ibm.CSIv2Security.NotForwardableMechOID;
import com.ibm.ISecurityUtilityImpl.CSIUtil;
import com.ibm.ISecurityUtilityImpl.StringBytesConversion;
import com.ibm.ISecurityUtilityImpl.VaultConstants;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.WebSphereRuntimePermission;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.auth.WSPrincipal;
import com.ibm.websphere.security.auth.callback.WSRealmNameCallbackImpl;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.auth.WSCredentialImpl;
import com.ibm.ws.security.common.util.AuditConstants;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.registry.RegistryUtil;
import com.ibm.ws.security.registry.UserRegistryImpl;
import com.ibm.ws.security.server.SecurityServerImpl;
import com.ibm.ws.security.token.WSCredentialTokenMapper;
import com.ibm.ws.security.token.WSCredentialTokenMapperInterface;
import com.ibm.ws.security.util.AccessController;
import com.ibm.wsspi.management.agent.AdminSubsystemExtensionHandler;
import com.ibm.wsspi.security.auth.callback.Constants;
import com.ibm.wsspi.security.auth.callback.WSX509CertificateChainCallback;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import java.io.IOException;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/server/lm/swamLoginModule.class */
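/**
 * JAAS {@link LoginModule} that produces a {@link WSPrincipal} and {@link WSCredential}
 * from the registry of the default realm.
 *
 * <p>{@link #login()} can establish an identity in four ways, in this order:
 * <ol>
 *   <li>security disabled for the cell: an unauthenticated subject is used;</li>
 *   <li>a credential-properties {@link Hashtable} carrying a unique id but no user id:
 *       the credential is built from the properties, no password is checked;</li>
 *   <li>user id and password (from the callbacks or from the properties hashtable):
 *       the registry verifies the password;</li>
 *   <li>user id or X.509 certificate chain without a password: the identity is mapped
 *       to a credential, no password is checked.</li>
 * </ol>
 *
 * <p>Security notes for maintainers and deployers:
 * <ul>
 *   <li>Paths 2 and 4 are identity assertion. The only gate visible in this class is the
 *       {@code mapCredential} permission check, and it runs only when a
 *       {@link SecurityManager} is installed. Whoever can supply the
 *       {@link CallbackHandler} or the shared state / Subject credentials must therefore
 *       be trusted code.</li>
 *   <li>Trace output never prints the password; credential objects found in the Subject
 *       are traced by type only, because the properties hashtable may carry a password.</li>
 *   <li>Several FFDC source ids in this class name other classes (ltpaLoginModule,
 *       wsMapDefaultInboundLoginModule, SecurityServerImpl). They are kept as-is because
 *       existing diagnostics may key on them; keep that in mind when triaging FFDC
 *       records.</li>
 * </ul>
 *
 * <p>Instances hold per-login state and are not written to be shared between threads.
 */
public class swamLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map sharedState;
    private Map options;
    private WSPrincipal principal;
    private WSCredential credential;
    /** Permission required (under a SecurityManager) for the password-less mapping paths. */
    private static final WebSphereRuntimePermission MAP_CREDENTIAL = new WebSphereRuntimePermission("mapCredential");
    private static final TraceComponent tc = Tr.register(swamLoginModule.class, "Security", "com.ibm.ejs.resources.security");
    /** True once login() has produced a principal and credential. */
    private boolean succeeded = false;
    /** True once commit() has added them to the Subject. */
    private boolean commitSucceeded = false;
    /** Registry of the default realm; stays null if the lookup in initialize() failed. */
    private UserRegistryImpl registry = null;
    private WSCredentialTokenMapperInterface wsCredMapper = null;
    /** Set from the "debug" module option; forces trace output regardless of trace settings. */
    protected boolean debug = false;

    public swamLoginModule() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "swamLoginModule()");
            Tr.exit(tc, "swamLoginModule()");
        }
    }

    /**
     * Describes a Subject credential for trace output without printing its contents.
     *
     * <p>The credential lists may contain the properties hashtable (which can carry
     * a password entry) or other secret-bearing objects, so only the type is traced.
     *
     * @param cred credential object taken from the Subject, may be null
     * @return the class name of {@code cred}, or {@code "null"}
     */
    private static String credentialTypeForTrace(Object cred) {
        return cred == null ? "null" : cred.getClass().getName();
    }

    /**
     * Stores the JAAS context and, when cell security is enabled, looks up the
     * credential token mapper and the registry of the default realm.
     *
     * <p>A failed registry lookup is logged but not thrown; {@code registry} then stays
     * null and a later {@link #login()} fails with a {@link WSLoginFailedException}.
     *
     * @param subject         subject to populate on commit
     * @param callbackHandler handler used to obtain the authentication data
     * @param map             state shared between the login modules of the configuration
     * @param map2            module options; {@code debug=true} enables verbose tracing
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, AdminSubsystemExtensionHandler.INITIALIZE, new Object[]{subject, callbackHandler, map, map2});
        }
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;
        ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
        // Guard against a missing options map instead of failing with a NullPointerException.
        this.debug = this.options != null && "true".equalsIgnoreCase((String) this.options.get("debug"));
        if (this.debug || tc.isDebugEnabled()) {
            Tr.debug(tc, "WSLoginModuleImpl initialized");
        }
        if (contextManagerFactory.isCellSecurityEnabled()) {
            try {
                this.wsCredMapper = WSCredentialTokenMapper.getInstance();
                this.registry = (UserRegistryImpl) SecurityServerImpl.getRegistryImpl(contextManagerFactory.getDefaultRealm());
                contextManagerFactory.clearRootException();
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.server.lm.swamLoginModule.initialize", "160", this);
                Tr.error(tc, "security.swam.find.registry", new Object[]{e});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, AdminSubsystemExtensionHandler.INITIALIZE);
        }
    }

    /**
     * Phase 1 of the JAAS login: gathers the authentication data and builds the
     * principal and credential, publishing both in the shared state.
     *
     * <p>See the class comment for the order of the login paths and for which of them
     * verify a password. The local password copy is wiped before this method returns
     * or throws.
     *
     * @return {@code true} when a principal and credential were created
     * @throws LoginException (as {@link WSLoginFailedException}) when no usable
     *         authentication data is available or any step of the login fails
     * @throws SecurityException when a SecurityManager is installed and the caller
     *         lacks the {@code mapCredential} permission on a password-less path
     */
    @Override
    public boolean login() throws LoginException {
        if (this.debug || tc.isEntryEnabled()) {
            Tr.entry(tc, AuditConstants.LOGIN);
        }
        ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
        if (!contextManagerFactory.isCellSecurityEnabled()) {
            // Security is off: the login "succeeds" with the unauthenticated subject.
            // The warning (and the stack dump under debug trace) make this visible to operators.
            try {
                Tr.warning(tc, "security.disabled.during.login");
                if (tc.isDebugEnabled()) {
                    Thread.dumpStack();
                }
                this.credential = SubjectHelper.getWSCredentialFromSubject(SubjectHelper.createUnauthenticatedSubject());
                this.principal = SubjectHelper.createPrincipal(this.credential);
                this.sharedState.put(Constants.WSPRINCIPAL_KEY, this.principal);
                this.sharedState.put(Constants.WSCREDENTIAL_KEY, this.credential);
                this.succeeded = true;
                if (this.debug || tc.isEntryEnabled()) {
                    Tr.exit(tc, "login(security disabled)");
                }
                return this.succeeded;
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception creating principal.", new Object[]{e});
                }
                FFDCFilter.processException(e, "com.ibm.ws.security.server.lm.swamLoginModule.login", "206", this);
                throw new WSLoginFailedException(e.getMessage(), e);
            }
        }
        this.succeeded = false;
        if (this.commitSucceeded) {
            // A previous login on this instance was committed and never logged out.
            if (this.debug || tc.isDebugEnabled()) {
                Tr.debug(tc, "The login module is in funny state, cleanup before starting a new login process.");
            }
            cleanup();
        }
        // Credential properties may be handed over by an earlier login module through the
        // shared state, or placed in the Subject's public or private credentials.
        Hashtable hashtable = (Hashtable) this.sharedState.get(AttributeNameConstants.WSCREDENTIAL_PROPERTIES_KEY);
        if (hashtable == null) {
            try {
                final Subject subject = this.subject;
                hashtable = (Hashtable) AccessController.doPrivileged(new PrivilegedExceptionAction() {
                    @Override
                    public Object run() throws Exception {
                        Object[] array = subject.getPublicCredentials().toArray();
                        if (swamLoginModule.this.debug || swamLoginModule.tc.isDebugEnabled()) {
                            Tr.debug(swamLoginModule.tc, "Looking for custom properties in public cred list.");
                        }
                        for (int i = 0; i < array.length; i++) {
                            if (swamLoginModule.this.debug || swamLoginModule.tc.isDebugEnabled()) {
                                // Type only: the entry may be the properties hashtable with a password in it.
                                Tr.debug(swamLoginModule.tc, "Object[" + i + "] in public list: " + credentialTypeForTrace(array[i]));
                            }
                            if ((array[i] instanceof Hashtable) && (((Hashtable) array[i]).get(AttributeNameConstants.WSCREDENTIAL_UNIQUEID) != null || ((Hashtable) array[i]).get(AttributeNameConstants.WSCREDENTIAL_USERID) != null)) {
                                return array[i];
                            }
                        }
                        Object[] array2 = subject.getPrivateCredentials().toArray();
                        if (swamLoginModule.this.debug || swamLoginModule.tc.isDebugEnabled()) {
                            Tr.debug(swamLoginModule.tc, "Looking for custom properties in private cred list.");
                        }
                        for (int i2 = 0; i2 < array2.length; i2++) {
                            if (swamLoginModule.this.debug || swamLoginModule.tc.isDebugEnabled()) {
                                // Private credentials must never be written to trace in full.
                                Tr.debug(swamLoginModule.tc, "Object[" + i2 + "] in private list: " + credentialTypeForTrace(array2[i2]));
                            }
                            if ((array2[i2] instanceof Hashtable) && (((Hashtable) array2[i2]).get(AttributeNameConstants.WSCREDENTIAL_UNIQUEID) != null || ((Hashtable) array2[i2]).get(AttributeNameConstants.WSCREDENTIAL_USERID) != null)) {
                                return array2[i2];
                            }
                        }
                        return null;
                    }
                });
            } catch (PrivilegedActionException e2) {
                FFDCFilter.processException(e2.getException(), "com.ibm.ws.security.server.lm.ltpaLoginModule.login", "286", this);
                contextManagerFactory.setRootException(e2.getException());
                throw new WSLoginFailedException(e2.getException().getMessage(), e2.getException());
            }
        }
        if (this.callbackHandler == null) {
            WSLoginFailedException wSLoginFailedException = new WSLoginFailedException("swamLoginModule: No CallbackHandler available to gather authentication information from the user.");
            contextManagerFactory.setRootException(wSLoginFailedException);
            if (this.debug || tc.isDebugEnabled()) {
                Tr.debug(tc, "swamLoginModule: No CallbackHandler available to gather authentication information from the user.", wSLoginFailedException);
            }
            throw wSLoginFailedException;
        }
        // The array holds four different callback types, so it must be typed as Callback[].
        javax.security.auth.callback.Callback[] callbacks = {
            new NameCallback("Username: "),
            new PasswordCallback("Password: ", false),
            new WSRealmNameCallbackImpl("Realm Name: ", contextManagerFactory.getDefaultRealm()),
            new WSX509CertificateChainCallback("X509Certificate[]: ")
        };
        char[] cArr = null;
        try {
            this.callbackHandler.handle(callbacks);
            String name = ((NameCallback) callbacks[0]).getName();
            char[] password = ((PasswordCallback) callbacks[1]).getPassword();
            if (password != null) {
                cArr = new char[password.length];
                System.arraycopy(password, 0, cArr, 0, password.length);
                ((PasswordCallback) callbacks[1]).clearPassword();
                // getPassword() hands out a copy; wipe it as well so only cArr remains.
                java.util.Arrays.fill(password, '\0');
            }
            String realmName = ((WSRealmNameCallbackImpl) callbacks[2]).getRealmName();
            final X509Certificate[] x509CertificateChain = ((WSX509CertificateChainCallback) callbacks[3]).getX509CertificateChain();
            if (this.debug || tc.isDebugEnabled()) {
                Tr.debug(tc, "uid = " + name);
                Tr.debug(tc, "X509 cert chain = " + x509CertificateChain);
                Tr.debug(tc, "realm = " + realmName);
                Tr.debug(tc, "password = " + (cArr == null ? null : "XXXXXXXX"));
            }
            if (x509CertificateChain == null && name == null && cArr == null) {
                WSLoginFailedException wSLoginFailedException2 = new WSLoginFailedException("swamLoginModule: No authentication data.");
                contextManagerFactory.setRootException(wSLoginFailedException2);
                throw wSLoginFailedException2;
            }
            if (this.debug || tc.isDebugEnabled()) {
                Tr.debug(tc, "Successfully gathered authentication information");
            }
            if (hashtable != null && hashtable.get(AttributeNameConstants.WSCREDENTIAL_UNIQUEID) != null && hashtable.get(AttributeNameConstants.WSCREDENTIAL_USERID) == null) {
                // Properties login: the credential is built straight from the hashtable and
                // no password is verified. Only the permission check below guards it, and
                // that check is skipped when no SecurityManager is installed.
                SecurityManager securityManager = System.getSecurityManager();
                if (securityManager != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                        Tr.debug(tc, "Expecting : " + MAP_CREDENTIAL.toString());
                    }
                    securityManager.checkPermission(MAP_CREDENTIAL);
                }
                try {
                    try {
                        final Hashtable hashtable2 = hashtable;
                        this.credential = (WSCredential) AccessController.doPrivileged(new PrivilegedExceptionAction() {
                            @Override
                            public Object run() throws WSLoginFailedException {
                                return swamLoginModule.this.wsCredMapper.createWSCredentialFromProperties(hashtable2);
                            }
                        });
                        if (this.credential != null) {
                            this.sharedState.put(Constants.WSCREDENTIAL_KEY, this.credential);
                        }
                        if (this.debug || tc.isDebugEnabled()) {
                            Tr.debug(tc, "WSCredential contains: " + this.credential);
                        }
                        this.principal = contextManagerFactory.createPrincipal(this.credential);
                        if (this.principal != null) {
                            this.sharedState.put(Constants.WSPRINCIPAL_KEY, this.principal);
                        }
                        if (this.debug || tc.isDebugEnabled()) {
                            Tr.debug(tc, "WSPrincipal contains: " + this.principal);
                        }
                        if (this.debug || tc.isEntryEnabled()) {
                            Tr.debug(tc, "Custom login module passing in credential properties.");
                            Tr.exit(tc, "login()");
                        }
                        this.succeeded = true;
                        return this.succeeded;
                    } catch (PrivilegedActionException e3) {
                        FFDCFilter.processException(e3.getException(), "com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule.login", "400", this);
                        contextManagerFactory.setRootException(e3.getException());
                        if (this.debug || tc.isDebugEnabled()) {
                            Tr.debug(tc, "Exception occurred during properties login: ", new Object[]{e3.getException()});
                        }
                        throw new WSLoginFailedException(e3.getException().getMessage(), e3.getException());
                    }
                } catch (WSLoginFailedException e4) {
                    contextManagerFactory.setRootException(e4);
                    FFDCFilter.processException(e4, "com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule.login", "422", this);
                    if (this.debug || tc.isEntryEnabled()) {
                        Tr.exit(tc, "Exception creating SAP tokens.", new Object[]{e4});
                    }
                    throw e4;
                } catch (Exception e5) {
                    contextManagerFactory.setRootException(e5);
                    FFDCFilter.processException(e5, "com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule.login", "429", this);
                    if (this.debug || tc.isEntryEnabled()) {
                        Tr.exit(tc, "Exception creating SAP tokens.", new Object[]{e5});
                    }
                    throw new WSLoginFailedException(e5.getMessage(), e5);
                }
            }
            if (hashtable != null && hashtable.get(AttributeNameConstants.WSCREDENTIAL_USERID) != null) {
                // The hashtable's user id (and its password, when present) replace the
                // values obtained from the callbacks.
                if (this.debug || tc.isEntryEnabled()) {
                    Tr.debug(tc, "Setting uid and/or password from hashtable.");
                }
                name = (String) hashtable.get(AttributeNameConstants.WSCREDENTIAL_USERID);
                String str = (String) hashtable.get(AttributeNameConstants.WSCREDENTIAL_PASSWORD);
                if (str != null) {
                    if (cArr != null) {
                        // Wipe the callback password before dropping the reference to it.
                        java.util.Arrays.fill(cArr, '\0');
                    }
                    cArr = str.toCharArray();
                }
                if (this.debug || tc.isDebugEnabled()) {
                    Tr.debug(tc, "uid = " + name);
                    Tr.debug(tc, "password = " + (cArr == null ? "<null>" : "XXXXXXXX"));
                }
            }
            if (name != null && cArr != null) {
                // Password login: the registry verifies the password.
                if (realmName == null || realmName.length() == 0) {
                    realmName = contextManagerFactory.getDefaultRealm();
                }
                if (this.debug || tc.isDebugEnabled()) {
                    Tr.debug(tc, "Using uid and password for authentication");
                    StringBuffer stringBuffer = new StringBuffer("Authenticating \"");
                    stringBuffer.append(realmName).append('/').append(name).append("\"");
                    Tr.debug(tc, stringBuffer.toString());
                }
                try {
                    // The registry API takes a String, so one immutable copy of the password
                    // stays on the heap until collected; cArr itself is wiped in the finally below.
                    // A null registry (failed lookup in initialize) ends up in the catch below,
                    // so the login fails closed.
                    String checkPasswordResult = this.registry.checkPassword(name, new String(cArr));
                    try {
                        if (SecurityObjectLocator.getAdminData().getString("com.ibm.ws.security.internalServerId") == null || !contextManagerFactory.isInternalServerId(checkPasswordResult)) {
                            final WSCredential createCredential = this.registry.createCredential(checkPasswordResult);
                            try {
                                this.credential = (WSCredential) AccessController.doPrivileged(new PrivilegedExceptionAction() {
                                    @Override
                                    public Object run() throws Exception {
                                        return new WSCredentialImpl(createCredential, NotForwardableMechOID.value, RegistryUtil.nullByteArray, false, -1L);
                                    }
                                });
                            } catch (PrivilegedActionException e6) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Exception occurred creating new WS cred.", new Object[]{e6.getException()});
                                }
                                FFDCFilter.processException(e6.getException(), "com.ibm.ws.security.server.SecurityServerImpl.mapCredential", "522", this);
                                contextManagerFactory.setRootException(e6.getException());
                                throw e6.getException();
                            }
                        } else {
                            // The authenticated name is the internal server id: reuse the server credential.
                            this.credential = contextManagerFactory.getServerCredential();
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Got credential from ContextManager: " + this.credential);
                            }
                        }
                    } catch (Exception e7) {
                        FFDCFilter.processException(e7, "com.ibm.ws.security.server.lm.swamLoginModule.login", "530", this);
                        contextManagerFactory.setRootException(e7);
                        throw new WSLoginFailedException(e7.getMessage(), e7);
                    }
                } catch (Exception e8) {
                    FFDCFilter.processException(e8, "com.ibm.ws.security.server.lm.swamLoginModule.login", "488", this);
                    contextManagerFactory.setRootException(e8);
                    throw new WSLoginFailedException(e8.getMessage(), e8);
                }
            } else {
                // Identity assertion: a user id or certificate chain without a password.
                // No password is verified here; the permission check below is the only gate
                // in this class and is skipped when no SecurityManager is installed.
                if (name == null && x509CertificateChain == null) {
                    WSLoginFailedException wSLoginFailedException3 = new WSLoginFailedException("swamLoginModule: No authentication data");
                    contextManagerFactory.setRootException(wSLoginFailedException3);
                    throw wSLoginFailedException3;
                }
                SecurityManager securityManager2 = System.getSecurityManager();
                if (securityManager2 != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                        Tr.debug(tc, "Expecting : " + MAP_CREDENTIAL.toString());
                    }
                    securityManager2.checkPermission(MAP_CREDENTIAL);
                }
                if (x509CertificateChain != null) {
                    // NOTE(review): the chain is only mapped to a user id here; trust validation
                    // of the certificates is not visible in this class - presumably done by the
                    // layer that supplies the callback; confirm.
                    try {
                        name = (String) contextManagerFactory.runAsSystem(new PrivilegedExceptionAction() {
                            @Override
                            public Object run() throws Exception {
                                if (swamLoginModule.this.debug || swamLoginModule.tc.isDebugEnabled()) {
                                    Tr.debug(swamLoginModule.tc, "Mapping X509Certificate[] to uid.");
                                }
                                return CSIUtil.getInstance().parseCert(x509CertificateChain);
                            }
                        });
                    } catch (PrivilegedActionException e9) {
                        FFDCFilter.processException(e9.getException(), "com.ibm.ws.security.server.ltpa.ltpaLoginModule.login", "578", this);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Exception parsing client certificate.", new Object[]{e9.getException()});
                        }
                        throw new WSLoginFailedException(e9.getException().getMessage(), e9.getException());
                    }
                }
                if (this.debug || tc.isDebugEnabled()) {
                    Tr.debug(tc, "Using uid to mapCredential.");
                    StringBuffer stringBuffer2 = new StringBuffer("Authenticating \"");
                    stringBuffer2.append(realmName).append('/').append(name).append("\"");
                    Tr.debug(tc, stringBuffer2.toString());
                }
                try {
                    if (SecurityObjectLocator.getSecurityConfig().getActiveUserRegistry().getBoolean("com.ibm.websphere.security.registry.UseTAM") && !RegistryUtil.checkValidUserifTAM(name, this.registry)) {
                        throw new WSLoginFailedException("User is not valid in Access Manager");
                    }
                    final WSCredential createCredential2 = this.registry.createCredential(name);
                    try {
                        this.credential = (WSCredential) AccessController.doPrivileged(new PrivilegedExceptionAction() {
                            @Override
                            public Object run() throws Exception {
                                return new WSCredentialImpl(createCredential2, NotForwardableMechOID.value, RegistryUtil.nullByteArray, false, -1L);
                            }
                        });
                    } catch (PrivilegedActionException e10) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Exception occurred creating new WS cred.", new Object[]{e10.getException()});
                        }
                        FFDCFilter.processException(e10, "com.ibm.ws.security.server.lm.swamLoginModule.login", "627", this);
                        contextManagerFactory.setRootException(e10.getException());
                        throw e10.getException();
                    }
                } catch (Exception e11) {
                    FFDCFilter.processException(e11, "com.ibm.ws.security.server.lm.swamLoginModule.login", "634", this);
                    contextManagerFactory.setRootException(e11);
                    if (e11 instanceof WSLoginFailedException) {
                        throw ((WSLoginFailedException) e11);
                    }
                    throw new WSLoginFailedException(e11.getMessage(), e11);
                }
            }
            if (this.credential == null) {
                WSLoginFailedException wSLoginFailedException4 = new WSLoginFailedException("swamLoginModule: Credential returned from SAS authentication is null");
                contextManagerFactory.setRootException(wSLoginFailedException4);
                throw wSLoginFailedException4;
            }
            try {
                this.principal = contextManagerFactory.createPrincipal(this.credential);
                this.sharedState.put(Constants.WSCREDENTIAL_KEY, this.credential);
                if (this.debug || tc.isDebugEnabled()) {
                    Tr.debug(tc, "WSCredential contains: " + this.credential);
                }
                this.sharedState.put(Constants.WSPRINCIPAL_KEY, this.principal);
                if (this.debug || tc.isDebugEnabled()) {
                    Tr.debug(tc, "WSPrincipal contains: " + this.principal);
                }
                this.succeeded = true;
                if (this.debug || tc.isEntryEnabled()) {
                    Tr.exit(tc, AuditConstants.LOGIN, Boolean.valueOf(this.succeeded));
                }
                return this.succeeded;
            } catch (Exception e12) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception occurred creating new WS Principal.", new Object[]{e12});
                }
                FFDCFilter.processException(e12, "com.ibm.ws.security.server.lm.swamLoginModule.login", "664", this);
                contextManagerFactory.setRootException(e12);
                throw new WSLoginFailedException(e12.getMessage(), e12);
            }
        } catch (IOException e13) {
            FFDCFilter.processException(e13, "com.ibm.ws.security.server.lm.swamLoginModule.login", "329", this);
            Tr.error(tc, "security.swam.callback.ex", new Object[]{e13});
            contextManagerFactory.setRootException(e13);
            throw new WSLoginFailedException("swamLoginModule IOException: " + e13.getMessage(), e13);
        } catch (UnsupportedCallbackException e14) {
            FFDCFilter.processException(e14, "com.ibm.ws.security.server.lm.swamLoginModule.login", "336", this);
            Tr.error(tc, "security.swam.unsupport.callback", new Object[]{e14.getCallback().toString(), e14});
            contextManagerFactory.setRootException(e14);
            throw new WSLoginFailedException(e14.getCallback().toString() + " not supported by CallbackHandler to gather authentication information from the user", e14);
        } finally {
            // Wipe the local password copy on every exit path, success or failure.
            if (cArr != null) {
                java.util.Arrays.fill(cArr, '\0');
            }
        }
    }

    /**
     * Phase 2 of the JAAS login: adds the principal and credential created by
     * {@link #login()} to the Subject.
     *
     * <p>A failure while updating the Subject is logged, triggers {@link #cleanup()} and
     * is reported as a {@code false} return rather than an exception.
     *
     * @return {@code true} when the Subject holds the principal and credential,
     *         {@code false} when login did not succeed or the update failed
     * @throws LoginException (as {@link WSLoginFailedException}) when login succeeded
     *         but the principal or credential is missing
     */
    @Override
    public boolean commit() throws LoginException {
        boolean committed;
        if (this.debug || tc.isEntryEnabled()) {
            Tr.entry(tc, "commit");
        }
        if (this.succeeded) {
            if (!this.commitSucceeded) {
                ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
                if (this.principal == null) {
                    WSLoginFailedException wSLoginFailedException = new WSLoginFailedException("swamLoginModule: WSPrincipal is null in commit (phase 2) stage");
                    contextManagerFactory.setRootException(wSLoginFailedException);
                    throw wSLoginFailedException;
                }
                if (this.credential == null) {
                    WSLoginFailedException wSLoginFailedException2 = new WSLoginFailedException("swamLoginModule: WSCredential is null in commit (phase 2) stage");
                    contextManagerFactory.setRootException(wSLoginFailedException2);
                    throw wSLoginFailedException2;
                }
                try {
                    if (this.debug || tc.isDebugEnabled()) {
                        Tr.debug(tc, "Start committing the changes to the Subject ...");
                    }
                    try {
                        AccessController.doPrivileged(new PrivilegedExceptionAction() {
                            @Override
                            public Object run() throws Exception {
                                if (!swamLoginModule.this.subject.getPrincipals().contains(swamLoginModule.this.principal)) {
                                    swamLoginModule.this.subject.getPrincipals().add(swamLoginModule.this.principal);
                                }
                                if (swamLoginModule.this.subject.getPublicCredentials().contains(swamLoginModule.this.credential)) {
                                    return null;
                                }
                                // Stamp the identity attributes before the credential is published.
                                swamLoginModule.this.credential.set("wssecurity.identity_name", VaultConstants.ClientAuthToken);
                                swamLoginModule.this.credential.set("wssecurity.identity_value", StringBytesConversion.getConvertedBytes(swamLoginModule.this.credential.getRealmSecurityName()));
                                swamLoginModule.this.subject.getPublicCredentials().add(swamLoginModule.this.credential);
                                return null;
                            }
                        });
                        if (this.debug || tc.isDebugEnabled()) {
                            Tr.debug(tc, "Change committed!");
                        }
                        this.commitSucceeded = true;
                    } catch (PrivilegedActionException e) {
                        FFDCFilter.processException(e.getException(), "com.ibm.ws.security.server.lm.swamLoginModule.commit", "771", this);
                        contextManagerFactory.setRootException(e.getException());
                        throw new WSLoginFailedException(e.getException().getMessage(), e.getException());
                    }
                } catch (Exception e2) {
                    // Also catches the WSLoginFailedException thrown just above: the failure is
                    // logged and surfaces to the caller as a false return, with the Subject cleaned.
                    FFDCFilter.processException(e2, "com.ibm.ws.security.server.lm.swamLoginModule.commit", "786", this);
                    Tr.error(tc, "security.swam.commit.ex", new Object[]{e2});
                    cleanup();
                    this.commitSucceeded = false;
                }
            } else if (this.debug || tc.isDebugEnabled()) {
                Tr.debug(tc, "It has been committed prior this call, nothing is done.");
            }
            committed = this.commitSucceeded;
        } else {
            if (this.debug || tc.isDebugEnabled()) {
                Tr.debug(tc, "Do not commit because of authentication failed.");
            }
            committed = false;
        }
        if (this.debug || tc.isEntryEnabled()) {
            Tr.exit(tc, "commit", Boolean.valueOf(committed));
        }
        return committed;
    }

    /**
     * Aborts the login: removes this module's principal and credential from the
     * Subject and resets the internal state.
     *
     * @return always {@code true}
     */
    @Override
    public boolean abort() throws LoginException {
        if (this.debug || tc.isEntryEnabled()) {
            Tr.entry(tc, "abort()");
        }
        if (this.debug || tc.isDebugEnabled()) {
            Tr.debug(tc, "Cleanup the Subject, removes WSPrincipal and WSCredential from the Subject, reset all internal variables.");
            Tr.debug(tc, "Start cleanup ...");
        }
        cleanup();
        if (this.debug || tc.isDebugEnabled()) {
            Tr.debug(tc, "Cleanup done.");
        }
        if (this.debug || tc.isEntryEnabled()) {
            Tr.exit(tc, "abort()");
        }
        return true;
    }

    /**
     * Logs out: removes this module's principal and credential from the Subject and
     * resets the internal state.
     *
     * @return always {@code true}
     */
    @Override
    public boolean logout() throws LoginException {
        if (this.debug || tc.isEntryEnabled()) {
            Tr.entry(tc, "logout()");
        }
        if (this.debug || tc.isDebugEnabled()) {
            Tr.debug(tc, "Cleanup the Subject, removes WSPrincipal and WSCredential from the Subject, reset all internal variables.");
            Tr.debug(tc, "Start cleanup ...");
        }
        cleanup();
        if (this.debug || tc.isDebugEnabled()) {
            Tr.debug(tc, "Cleanup done.");
        }
        if (this.debug || tc.isEntryEnabled()) {
            Tr.exit(tc, "logout()");
        }
        return true;
    }

    /**
     * Resets the login state and removes the principal and credential this module
     * added from the Subject. Removal failures are logged and otherwise ignored, so the
     * internal references are always cleared.
     */
    private void cleanup() {
        if (this.debug || tc.isEntryEnabled()) {
            Tr.entry(tc, "cleanup()");
        }
        this.succeeded = false;
        this.commitSucceeded = false;
        if (this.debug || tc.isDebugEnabled()) {
            Tr.debug(tc, "Start removing WSPrinciapl, WSCredential, and CORBA Credentials from the Subject.");
            Tr.debug(tc, "Start removing ...");
        }
        AccessController.doPrivileged(new PrivilegedAction() {
            @Override
            public Object run() {
                // The two removals are independent: a failure of the first must not
                // leave the credential behind in the Subject.
                try {
                    if (swamLoginModule.this.principal != null && swamLoginModule.this.subject.getPrincipals().contains(swamLoginModule.this.principal)) {
                        swamLoginModule.this.subject.getPrincipals().remove(swamLoginModule.this.principal);
                    }
                } catch (Exception e) {
                    FFDCFilter.processException(e, "com.ibm.ws.security.server.lm.swamLoginModule.run", "917", this);
                    Tr.error(swamLoginModule.tc, "security.swam.remove.prin.ex", new Object[]{swamLoginModule.this.principal.getName(), e});
                }
                try {
                    if (swamLoginModule.this.credential != null && swamLoginModule.this.subject.getPublicCredentials().contains(swamLoginModule.this.credential)) {
                        swamLoginModule.this.subject.getPublicCredentials().remove(swamLoginModule.this.credential);
                    }
                    return null;
                } catch (Exception e2) {
                    FFDCFilter.processException(e2, "com.ibm.ws.security.server.lm.swamLoginModule.run", "929", this);
                    Tr.error(swamLoginModule.tc, "security.swam.remove.cred.ex", new Object[]{e2});
                    return null;
                }
            }
        });
        if (this.debug || tc.isDebugEnabled()) {
            Tr.debug(tc, "Removed.");
        }
        this.principal = null;
        this.credential = null;
        if (this.debug || tc.isEntryEnabled()) {
            Tr.exit(tc, "cleanup()");
        }
    }
}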
