package com.ibm.ws.security.auth.j2c;

import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.GSSEncodeDecodeException;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.WebSphereRuntimePermission;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.common.auth.WSPrincipalImpl;
import com.ibm.ws.security.cred.AuthDataCredential;
import com.ibm.ws.security.util.AuthData;
import java.io.IOException;
import java.util.HashMap;
import javax.resource.spi.ManagedConnectionFactory;
import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:lib/security.jar:com/ibm/ws/security/auth/j2c/WSDefaultPrincipalMapping.class */
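/**
 * Static helper that turns a J2C authentication-data alias into a JAAS {@link Subject} or an
 * {@link AuthDataCredential}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Every path that hands out a stored user id / password first runs the
 *       {@code WebSphereRuntimePermission("getPasswordCredential")} check when a
 *       {@link SecurityManager} is installed (see {@link #checkPasswordCredentialPermission()}).</li>
 *   <li>Trace output contains alias names and user ids, never the password. Keep it that way when
 *       adding trace points.</li>
 *   <li>{@code AuthData.psw} is a {@code String}; it is copied to a {@code char[]} only when a
 *       {@link PasswordCredential} is built, so the password stays on the heap as long as the
 *       {@code AuthData} entry does.</li>
 * </ul>
 *
 * <p>The class is not instantiable; all entry points are static.
 */
public class WSDefaultPrincipalMapping {
    private static final TraceComponent tc;

    /** Permission required to read or replace stored credentials. */
    private static final WebSphereRuntimePermission perm;

    /** Alias -> {@code AuthData} map installed by {@link #refreshAuthData(HashMap)}; guarded by the class lock. */
    private static HashMap authDataMap;

    /** Login-entry name that selects the built-in mapping instead of a JAAS login configuration. */
    private static final String DEFAULT_PRINCIPAL_MAPPING = "DefaultPrincipalMapping";

    /** System property naming an optional local auth-data file. */
    private static final String LOCAL_AUTHDATA_FILE = "WAS_AuthDataFile";

    /** Set on the first (and only) attempt to load the local auth-data file; guarded by the class lock. */
    private static boolean search_mode_initialized;

    /** Alias -> {@code AuthData} map loaded from the local file, or {@code null} if none was loaded. */
    private static HashMap localAuthDataMap;

    // Never read in this class; kept because it is part of the original field layout.
    private static boolean local_file_loaded;

    private static final String CALLBACK_HANDLER = "CallbackHandler";

    // Compiler-generated cache for the class literal (pre-Java 5 ".class" idiom).
    static Class class$com$ibm$ws$security$auth$j2c$WSDefaultPrincipalMapping;

    /** Not meant to be instantiated; logs a warning if it ever is. */
    private WSDefaultPrincipalMapping() {
        Tr.warning(tc, "security.j2c.invalidWSDefaultPrincipalMapping");
    }

    /**
     * Builds the {@link Subject} used to authenticate to a resource adapter.
     *
     * <p>When {@code str} is {@code null} or names the default mapping, the subject carries the
     * caller principal and, if {@code str2} is a non-blank alias, a {@link PasswordCredential} for
     * that alias. Otherwise the named JAAS login configuration is run with a
     * {@code WSPrincipalMappingCallbackHandler} and its subject is returned.
     *
     * @param managedConnectionFactory factory the resulting credential is bound to
     * @param str JAAS login-entry name; {@code null} selects the default mapping
     * @param str2 authentication-data alias; may be {@code null} or blank
     * @return the populated subject
     * @throws LoginException if the alias is not present in the server auth-data map, or the JAAS
     *     login fails
     * @throws SecurityException if a security manager denies {@code getPasswordCredential}
     * @throws Exception any other failure raised by the JAAS login, rethrown after FFDC logging
     */
    public static Subject getSubject(ManagedConnectionFactory managedConnectionFactory, String str, String str2) throws IOException, LoginException, SecurityException, Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSubject(ManagedConnectionFactory, " + str + ", " + str2 + ")");
        }
        String authDataAlias = str2 == null ? null : str2.trim();
        String loginEntry = str == null ? DEFAULT_PRINCIPAL_MAPPING : str.trim();

        if (loginEntry.equals(DEFAULT_PRINCIPAL_MAPPING)) {
            Subject subject = defaultMappingSubject(managedConnectionFactory, authDataAlias);
            // The original returned from this branch without a matching trace exit.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getSubject(ManagedConnectionFactory, loginEntry, authDataAlias)");
            }
            return subject;
        }

        // A custom login configuration can surface stored credentials, so gate it up front.
        checkPasswordCredentialPermission();
        try {
            LoginContext loginContext = new LoginContext(loginEntry, new WSPrincipalMappingCallbackHandler(authDataAlias, managedConnectionFactory));
            loginContext.login();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getSubject(ManagedConnectionFactory, loginEntry, authDataAlias)");
            }
            return loginContext.getSubject();
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.auth.j2c.WSDefaultPrincipalMapping.getSubject", "351");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append(GSSEncodeDecodeException.exceptionCaughtStr).append(e2).toString());
            }
            throw e2;
        }
    }

    /** Builds the default-mapping subject: caller principal plus, for a non-blank alias, its password credential. */
    private static Subject defaultMappingSubject(ManagedConnectionFactory managedConnectionFactory, String authDataAlias) throws Exception {
        Subject subject = new Subject();
        subject.getPrincipals().add(new WSPrincipalImpl(WSSubject.getCallerPrincipal()));
        if (authDataAlias == null || authDataAlias.equals("")) {
            return subject;
        }
        try {
            // getAuthDataInt performs the getPasswordCredential permission check.
            AuthData authData = getAuthDataInt(authDataAlias);
            if (authData == null) {
                Tr.warning(tc, "auth data not found - null");
                throw new LoginException("Incorrect authDataEntry");
            }
            PasswordCredential passwordCredential = new PasswordCredential(authData.uid, authData.psw.toCharArray());
            passwordCredential.setManagedConnectionFactory(managedConnectionFactory);
            subject.getPrivateCredentials().add(passwordCredential);
            return subject;
        } catch (NullPointerException e) {
            // NOTE(review): an entry with a null uid/psw ends up here and the subject is returned
            // WITHOUT a credential instead of failing the login. Kept as in the original; confirm
            // callers treat a credential-less subject as "no stored credentials".
            Tr.warning(tc, "Exception caught - auth data does not exist", new Object[]{e});
            return subject;
        }
    }

    /**
     * Looks up the user id / password stored under an alias.
     *
     * <p>If the {@code WAS_AuthDataFile} system property named a file that loaded successfully, only
     * that local map is consulted; otherwise the server map installed through
     * {@link #refreshAuthData(HashMap)} is used.
     *
     * <p>Status codes passed to {@code AuthDataCredential} (their symbolic meaning is defined by that
     * class): {@code 0} alias found; {@code 1} alias absent from the server map; {@code 3} a
     * {@code NullPointerException} occurred during the server lookup; {@code 4} alias absent from the
     * local map.
     *
     * @param str the alias; {@code null} or empty yields {@code null}
     * @return the credential wrapper, or {@code null} for a null/empty alias
     * @throws SecurityException if a security manager denies {@code getPasswordCredential}
     */
    public static AuthDataCredential getAuthData(String str) throws LoginException, SecurityException {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getAuthData(uidpswEntry = " + str + ")");
        }
        if (str == null || str.length() == 0) {
            return null;
        }

        HashMap localMap = loadLocalAuthDataOnce();
        if (localMap == null) {
            try {
                AuthData serverEntry = getAuthDataInt(str);
                if (serverEntry != null) {
                    return new AuthDataCredential(serverEntry.uid, serverEntry.psw, 0);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Alias not defined on server; local search not enabled or auth.data.props not loaded.");
                }
                return new AuthDataCredential(null, null, 1);
            } catch (NullPointerException e2) {
                return new AuthDataCredential(null, null, 3);
            }
        }

        // The server path is gated inside getAuthDataInt; the local-file path originally returned
        // the stored password with no permission check at all. Apply the same gate here so both
        // paths enforce getPasswordCredential.
        // NOTE(review): confirm no caller relied on the unchecked local lookup.
        checkPasswordCredentialPermission();
        AuthData localEntry = (AuthData) localMap.get(str);
        if (localEntry != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "authData for " + str + " found, uid = " + localEntry.uid);
            }
            return new AuthDataCredential(localEntry.uid, localEntry.psw, 0);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "authData for " + str + " not found in local auth.data.props");
        }
        return new AuthDataCredential(null, null, 4);
    }

    /**
     * Loads the local auth-data file at most once and returns the resulting map.
     *
     * <p>Synchronized so that a second thread cannot observe "already initialised" while the first
     * is still loading and wrongly fall through to the server lookup.
     *
     * @return the local alias map, or {@code null} if the property is unset or loading failed
     */
    private static synchronized HashMap loadLocalAuthDataOnce() {
        if (!search_mode_initialized) {
            // Set before loading: a failed load is not retried.
            search_mode_initialized = true;
            String path = null;
            try {
                path = System.getProperties().getProperty(LOCAL_AUTHDATA_FILE);
                if (path != null && path.length() > 0) {
                    localAuthDataMap = new AuthDataFile(path).load();
                }
            } catch (Exception e) {
                // Best effort: a bad or unreadable file silently falls back to the server map and
                // is only visible with debug trace enabled.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Loading " + path + " unsuccessful");
                }
            }
        }
        return localAuthDataMap;
    }

    /**
     * Replaces the server auth-data map.
     *
     * <p>The map is stored by reference, not copied: code that keeps the passed-in map can change
     * the stored credentials later without going through the permission check.
     *
     * @param hashMap alias -> {@code AuthData}; may be {@code null} to clear
     * @throws SecurityException if a security manager denies {@code getPasswordCredential}
     */
    public static synchronized void refreshAuthData(HashMap hashMap) throws SecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "refreshAuthData");
        }
        checkPasswordCredentialPermission();
        authDataMap = hashMap;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "refreshAuthData");
        }
    }

    /**
     * Returns the server-side entry stored under an alias.
     *
     * @param str the alias
     * @return the entry, or {@code null} if no map is installed or the alias is absent
     * @throws SecurityException if a security manager denies {@code getPasswordCredential}
     */
    public static synchronized AuthData getAuthDataInt(String str) throws SecurityException {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getOneAuthDataEntry(uidpswEntry = " + str + ")");
        }
        checkPasswordCredentialPermission();
        if (authDataMap == null) {
            return null;
        }
        return (AuthData) authDataMap.get(str);
    }

    /**
     * Runs the {@code getPasswordCredential} permission check when a security manager is installed.
     * Without a security manager this is a no-op, so the gate only protects deployments that run
     * with Java 2 security enabled.
     */
    private static void checkPasswordCredentialPermission() throws SecurityException {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                Tr.debug(tc, "Expecting : " + perm.toString());
            }
            securityManager.checkPermission(perm);
        }
    }

    // Compiler-generated helper behind the class literal; converts a lookup failure into an Error.
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$com$ibm$ws$security$auth$j2c$WSDefaultPrincipalMapping == null) {
            cls = class$("com.ibm.ws.security.auth.j2c.WSDefaultPrincipalMapping");
            class$com$ibm$ws$security$auth$j2c$WSDefaultPrincipalMapping = cls;
        } else {
            cls = class$com$ibm$ws$security$auth$j2c$WSDefaultPrincipalMapping;
        }
        tc = Tr.register(cls, (String) null, "com.ibm.ejs.resources.security");
        perm = new WebSphereRuntimePermission("getPasswordCredential");
        authDataMap = null;
        search_mode_initialized = false;
        localAuthDataMap = null;
        local_file_loaded = false;
    }
}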
