package com.ibm.ws.security.delegation;

import com.ibm.ejs.models.base.bindings.applicationbnd.RunAsMap;
import com.ibm.ejs.models.base.bindings.commonbnd.BasicAuthData;
import com.ibm.ejs.models.base.extensions.ejbext.RunAsMode;
import com.ibm.ejs.models.base.extensions.ejbext.RunAsSpecifiedIdentity;
import com.ibm.ejs.models.base.extensions.ejbext.SecurityIdentity;
import com.ibm.ejs.models.base.extensions.ejbext.UseCallerIdentity;
import com.ibm.ejs.models.base.extensions.ejbext.UseSystemIdentity;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.csi.CSIException;
import com.ibm.websphere.csi.EJBKey;
import com.ibm.websphere.csi.EJBMethodInfo;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.core.SecurityCollaborator;
import com.ibm.ws.security.ejb.BeanPermissionRoleMap;
import com.ibm.ws.security.ejb.RunAsMapTable;
import com.ibm.ws.security.ejb.SecurityBeanCookie;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.security.util.WCCMHelper;
import com.ibm.ws.security.web.WebAccessContext;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import org.eclipse.emf.common.util.EList;
import org.eclipse.jst.j2ee.common.Identity;
import org.eclipse.jst.j2ee.common.SecurityRole;
import org.eclipse.jst.j2ee.ejb.EnterpriseBean;
import org.eclipse.jst.j2ee.webapplication.Servlet;
import org.eclipse.jst.j2ee.webapplication.WebApp;

/* compiled from: DelegationImpl.java */
/* loaded from: input_file:eclipse/plugins/com.ibm.websphere.v61_6.1.1/ws_runtime.jar:com/ibm/ws/security/delegation/MethodDelegation.class */
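/**
 * Chooses the {@link Subject} under which an EJB method or a servlet is invoked, based on the
 * RunAs settings visible through the deployment metadata and the application's RunAs role
 * bindings.
 *
 * <p>Security-relevant behaviour, as implemented below:
 * <ul>
 *   <li>A "run as specified identity" setting is resolved by looking up stored credentials
 *       ({@link BasicAuthData}) for the RunAs role and logging in with them against the
 *       default realm.</li>
 *   <li>If no credentials are bound to the role, or the login throws, the invocation is NOT
 *       rejected: it silently continues under the fallback subject (the caller's subject in
 *       every call site in this class). Only the audit message
 *       {@code security.authn.failed.foruser} (login failure) or debug trace (no binding)
 *       records that the configured identity was not applied.</li>
 *   <li>Only the user id is ever written to trace or audit output; the password is passed to
 *       {@code ContextManager.login} and nowhere else.</li>
 * </ul>
 *
 * <p>This listing is decompiler output; the {@code class$...} members are the pre-Java-5
 * class-literal desugaring and are kept so the class shape is unchanged.
 */
class MethodDelegation implements Delegation {
    private ContextManager contextManager = ContextManagerFactory.getInstance();
    private static final TraceComponent tc;
    static Class class$com$ibm$ws$security$delegation$MethodDelegation;

    /**
     * Tells whether a RunAs setting applies to the given bean method.
     *
     * @param securityIdentity the RunAs setting whose method elements are searched
     * @param str the bean name
     * @param str2 the method key (method with signature, ":" and interface type value)
     * @return {@code true} only if the setting lists method elements and
     *         {@code BeanPermissionRoleMap.findMatchingMethod} matches one of them
     */
    protected boolean checkRunAsMethod(SecurityIdentity securityIdentity, String str, String str2) {
        EList methodElements = securityIdentity.getMethodElements();
        if (methodElements == null || methodElements.size() == 0) {
            return false;
        }
        return BeanPermissionRoleMap.findMatchingMethod(str, str2, methodElements);
    }

    /**
     * Resolves the invocation subject for an EJB method call.
     *
     * <p>Method-level RunAs settings from the bean cookie are checked first, in list order; the
     * first setting whose method elements match decides the result. If none matches, the
     * bean-level security identity from the EJB jar is used. If neither yields a subject, the
     * caller subject is returned.
     *
     * @param eJBKey not used by this implementation
     * @param eJBMethodInfo supplies the method name, signature and interface type
     * @param subject returned when the matching setting is {@code UseSystemIdentity}
     * @param subject2 returned when the matching setting is {@code UseCallerIdentity}, and used
     *        as the fallback whenever a specified identity cannot be resolved
     * @param securityBeanCookie supplies the RunAs settings, application name, bean name and
     *        EJB jar
     * @return the subject to invoke the method under
     * @throws CSIException declared by the interface; nothing in this body throws it directly
     */
    @Override // com.ibm.ws.security.delegation.Delegation
    public Subject delegate(EJBKey eJBKey, EJBMethodInfo eJBMethodInfo, Subject subject, Subject subject2, SecurityBeanCookie securityBeanCookie) throws CSIException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "runAsDelegation");
        }
        String methodWithSignature = SecurityCollaborator.getMethodWithSignature(eJBMethodInfo.getMethodName(), eJBMethodInfo.getMethodSignature());
        // NOTE(review): the result is discarded in the decompiled original; the call is kept
        // because this listing does not show whether isHome() has side effects.
        eJBMethodInfo.isHome();
        String methodKey = methodWithSignature + ":" + eJBMethodInfo.getInterfaceType().getValue();
        EList runAsSettings = securityBeanCookie.getRunAsSettings();
        String appName = securityBeanCookie.getAppName();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Checking RunAs for : App = " + appName + " Bean = " + securityBeanCookie.getBeanName() + " Method = " + methodKey);
        }

        // Pass 1: method-level RunAs settings; the first matching entry wins.
        if (runAsSettings != null) {
            int size = runAsSettings.size();
            for (int i = 0; i < size; i++) {
                SecurityIdentity securityIdentity = (SecurityIdentity) runAsSettings.get(i);
                RunAsMode runAsMode = securityIdentity.getRunAsMode();
                if (!checkRunAsMethod(securityIdentity, securityBeanCookie.getBeanName(), methodKey)) {
                    continue;
                }
                if (runAsMode instanceof UseCallerIdentity) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "RunAs set to Caller Identity ");
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "runAsDelegation");
                    }
                    return subject2;
                }
                if (runAsMode instanceof UseSystemIdentity) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "RunAs set to System Identity ");
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "runAsDelegation");
                    }
                    return subject;
                }
                if (runAsMode instanceof RunAsSpecifiedIdentity) {
                    String roleName = ((RunAsSpecifiedIdentity) runAsMode).getRunAsSpecifiedIdentity().getRoleName();
                    Subject resolved = specifiedOrFallback(roleName, appName, subject2);
                    // Fix: this return path had no matching trace exit in the original.
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "runAsDelegation");
                    }
                    return resolved;
                }
                // A matching entry with any other mode falls through to the next entry.
            }
        }

        // Pass 2: bean-level security identity from the EJB jar.
        Subject result = subject2;
        EnterpriseBean enterpriseBeanNamed = securityBeanCookie.getEjbJar().getEnterpriseBeanNamed(securityBeanCookie.getBeanName());
        if (enterpriseBeanNamed == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Cannot find bean " + securityBeanCookie.getBeanName() + " in the jar");
            }
            // Fix: this return path had no matching trace exit in the original.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "runAsDelegation");
            }
            return result;
        }
        org.eclipse.jst.j2ee.common.SecurityIdentity beanIdentity = enterpriseBeanNamed.getSecurityIdentity();
        if (beanIdentity instanceof org.eclipse.jst.j2ee.common.UseCallerIdentity) {
            result = subject2;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "RunAs set to Caller Identity ");
            }
        } else if (beanIdentity instanceof org.eclipse.jst.j2ee.common.RunAsSpecifiedIdentity) {
            String roleName = ((org.eclipse.jst.j2ee.common.RunAsSpecifiedIdentity) beanIdentity).getIdentity().getRoleName();
            result = specifiedOrFallback(roleName, appName, subject2);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "runAsDelegation");
        }
        return result;
    }

    /**
     * Resolves the invocation subject for a servlet.
     *
     * @param subject the subject returned unless the servlet declares a resolvable RunAs
     *        identity; also the fallback when the specified identity cannot be resolved
     * @param str not used by this implementation
     * @param webAccessContext supplies the web application and the enterprise application name
     * @param str2 the servlet name looked up in the web application
     * @return the subject to invoke the servlet under
     * @throws CSIException declared by the interface; nothing in this body throws it directly
     */
    @Override // com.ibm.ws.security.delegation.Delegation
    public Subject delegate(Subject subject, String str, WebAccessContext webAccessContext, String str2) throws CSIException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "delegate " + str2);
        }
        Subject result = subject;
        WebApp webApp = webAccessContext.getWebApp();
        Servlet servlet = null;
        if (webApp != null && str2 != null) {
            servlet = webApp.getServletNamed(str2);
        }
        if (servlet == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Servlet not Specified in DD for servlet" + str2);
            }
        } else {
            org.eclipse.jst.j2ee.common.RunAsSpecifiedIdentity runAs = servlet.getRunAs();
            if (runAs != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "RunAs Specified for servlet" + str2);
                }
                Identity identity = runAs.getIdentity();
                if (identity != null) {
                    result = specifiedOrFallback(identity.getRoleName(), webAccessContext.getEnterpriseAppName(), subject);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "delegate");
        }
        return result;
    }

    /**
     * Resolves the subject for a RunAs role, substituting {@code fallback} when none is obtained.
     *
     * <p>NOTE(review): this is the fail-open point of the class. A missing role binding or a
     * failed login does not stop the invocation; it proceeds under {@code fallback}. Whether
     * that is acceptable depends on what the RunAs role was meant to enforce, so the
     * {@code security.authn.failed.foruser} audit record is the signal to watch for.
     */
    private Subject specifiedOrFallback(String roleName, String appName, Subject fallback) {
        Subject resolved = getRunAsSpecifiedUserSubject(roleName, appName);
        return resolved != null ? resolved : fallback;
    }

    /**
     * Logs in with the credentials bound to a RunAs role and returns the resulting subject.
     *
     * @param str the RunAs role name
     * @param str2 the application name used to look up the RunAs map
     * @return the logged-in subject, or {@code null} when the application has no RunAs map, the
     *         role has no credentials bound, or the login throws
     */
    protected Subject getRunAsSpecifiedUserSubject(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRunAsSpecifiedUserSubject");
        }
        SecurityRole createSecurityRole = WCCMHelper.createSecurityRole(null, str);
        // Fix: the decompiled form passed constructor arguments to the PrivilegedAction
        // interface and assigned synthetic this$0/val$appName fields, which is not valid
        // source. A captured final local expresses the same thing.
        final String appName = str2;
        // AccessController here is com.ibm.ws.security.util.AccessController (see imports),
        // not java.security.AccessController.
        RunAsMap runAsMap = (RunAsMap) AccessController.doPrivileged(new PrivilegedAction() {
            @Override // java.security.PrivilegedAction
            public Object run() {
                // Kept as two statements exactly as decompiled; presumably the table is
                // initialised by the first call - TODO confirm against SecurityCollaborator.
                SecurityCollaborator.getRunAsMapTable();
                return RunAsMapTable.getRunAsMap(appName);
            }
        });
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "RunAs set to Specified Identity : RunAs Role = " + str);
        }

        Subject result = null;
        if (runAsMap != null) {
            BasicAuthData basicAuthData = (BasicAuthData) runAsMap.getAuthData(createSecurityRole);
            if (basicAuthData != null) {
                try {
                    result = this.contextManager.login(this.contextManager.getDefaultRealm(), basicAuthData.getUserId(), basicAuthData.getPassword());
                } catch (Exception e) {
                    // Deliberately broad: any login failure is recorded and turned into a null
                    // result. The FFDC source id names SecurityCollaborator, as in the original.
                    FFDCFilter.processException(e, "com.ibm.ws.security.core.SecurityCollaborator.getRunAsSpecifiedUserSubject", "293", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception during user authentication:", e);
                    }
                    // Audit record carries the user id only, never the password.
                    Tr.audit(tc, "security.authn.failed.foruser", new Object[]{basicAuthData.getUserId()});
                    result = null;
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Application Identity Not Configured");
                Tr.debug(tc, "Invocation (SPECIFIED) identity is set to ClientIdentity");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRunAsSpecifiedUserSubject");
        }
        return result;
    }

    /**
     * Class-literal helper generated by pre-Java-5 compilers.
     *
     * @param str the fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; the
     *         {@link ClassNotFoundException} is attached as its cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // Fix: initCause() returns Throwable, so throwing its result directly does not
            // compile in a method without a throws clause. Attach the cause, then throw the error.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class cls = class$com$ibm$ws$security$delegation$MethodDelegation;
        if (cls == null) {
            cls = class$("com.ibm.ws.security.delegation.MethodDelegation");
            class$com$ibm$ws$security$delegation$MethodDelegation = cls;
        }
        tc = Tr.register(cls, "Security", "com.ibm.ejs.resources.security");
    }
}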
