package com.ibm.wps.sso.credentialvault;

import com.ibm.wps.command.CommandException;
import com.ibm.wps.command.ObjectKey;
import com.ibm.wps.command.credentialvault.CreateSlotCommand;
import com.ibm.wps.command.credentialvault.DeleteSlotCommand;
import com.ibm.wps.command.credentialvault.GetAllSegmentsCommand;
import com.ibm.wps.command.credentialvault.GetPortletAccessibleSlotsCommand;
import com.ibm.wps.command.credentialvault.SetBinarySecretCommand;
import com.ibm.wps.command.credentialvault.SetUserPasswordSecretCommand;
import com.ibm.wps.engine.RunData;
import com.ibm.wps.portletservice.credentialvault.CredentialSecretNotSetException;
import com.ibm.wps.portletservice.credentialvault.CredentialSlotConfig;
import com.ibm.wps.portletservice.credentialvault.CredentialVaultService;
import com.ibm.wps.portletservice.credentialvault.VaultSegmentConfig;
import com.ibm.wps.portletservice.credentialvault.credentials.Credential;
import com.ibm.wps.portletservice.credentialvault.credentials.JaasSubjectPassiveCredential;
import com.ibm.wps.puma.User;
import com.ibm.wps.services.log.Log;
import com.ibm.wps.sso.credentialvault.secrets.CredentialSecret;
import com.ibm.wps.sso.credentialvault.secrets.JaasSubjectCredentialSecret;
import com.ibm.wps.sso.vaultservice.Vault;
import com.ibm.wps.util.ObjectID;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.security.auth.Subject;
import org.apache.jetspeed.portlet.PortletRequest;
import org.apache.jetspeed.portlet.service.PortletServiceException;
import org.apache.jetspeed.portlet.service.PortletServiceUnavailableException;
import org.apache.jetspeed.portlet.service.spi.PortletServiceConfig;
import org.apache.jetspeed.portlet.service.spi.PortletServiceProvider;
import org.apache.jetspeed.portletcontainer.PortletRequestImpl;

/* loaded from: input_file:plugins/com.ibm.wps_4.2.0/wps.jar:com/ibm/wps/sso/credentialvault/CredentialVaultServiceProvider.class */
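/**
 * Portlet-service implementation of {@link CredentialVaultService}.
 *
 * <p>Every public operation delegates to a credential-vault command
 * ({@code CreateSlotCommand}, {@code SetBinarySecretCommand}, ...) or to
 * {@link Vault#getCredential}; this class only translates the portlet request
 * into the command inputs (logged-in {@link User}, portlet instance id) and
 * wraps command failures in {@link PortletServiceException}. The one thing it
 * serves itself is the predefined "user JAAS subject" slot
 * ({@link CredentialVaultService#PREDEFINED_SLOT_USER_JAAS_SUBJECT}), which is
 * never stored in the vault: its secret is the calling user's own JAAS
 * {@link Subject} taken from the session (see {@link #getCredential}).
 *
 * <p>Authorization (may this user / portlet read or write this slot?) is not
 * visible in this class; it is presumably enforced inside the commands and the
 * vault service this class calls -- confirm before relying on it.
 */
public class CredentialVaultServiceProvider implements CredentialVaultService, PortletServiceProvider {
    private static final String COPYRIGHT = "Licensed Materials - Property of IBM, 5724-B88, (C) Copyright IBM Corp. 2001, 2002 - All Rights reserved.";
    private static final String LOGGER = "com.ibm.wps.sso.credentialvault";
    /** In-memory descriptor for the virtual JAAS-subject slot; built once in {@link #init}. */
    private CredentialSlot cVirtualSlotObject_UserJaasSubject = null;

    /**
     * Builds the virtual slot descriptor for the predefined user-JAAS-subject slot.
     * The descriptor carries secret type {@code 5} and {@code active == false};
     * {@link #getCredential} later compares these against the requested
     * credential type, so they decide which credential types may be served
     * from the session subject.
     *
     * @param portletServiceConfig unused; the slot descriptor is fixed
     * @throws PortletServiceUnavailableException if the descriptor cannot be built
     */
    @Override
    public void init(PortletServiceConfig portletServiceConfig) throws PortletServiceUnavailableException {
        try {
            this.cVirtualSlotObject_UserJaasSubject = new CredentialSlot(
                    CredentialVaultService.PREDEFINED_SLOT_USER_JAAS_SUBJECT, "JaasSubject",
                    (VaultSegmentConfig) null, (Map) null, (Map) null, 5, false,
                    (ObjectID) null, (ObjectID) null, false);
        } catch (Exception e) {
            // Message text kept as-is (it names getCredential although this is init).
            Log.error(LOGGER, "Initialization error in CredentialService.getCredential: Couldn't create virtual slot cVirtualSlotObject_UserJaasSubject.", e);
            throw new PortletServiceUnavailableException("Initialization error in CredentialService.getCredential: Couldn't create virtual slot cVirtualSlotObject_UserJaasSubject.");
        }
    }

    /** Nothing to release: the only state is the in-memory virtual slot descriptor. */
    @Override
    public void destroy() {
    }

    /** @return the credential types known to {@code CredentialTypeRegistry} */
    @Override
    public Iterator getCredentialTypes() {
        return CredentialTypeRegistry.getCredentialTypes();
    }

    /**
     * Returns the description of a slot, localized when a locale is given.
     *
     * @param str    slot identifier
     * @param locale locale for the description, or {@code null} for the default text
     * @throws PortletServiceException if the slot cannot be loaded
     */
    @Override
    public String getSlotDescription(String str, Locale locale) throws PortletServiceException {
        CredentialSlot slot = retrieveSlot(str);
        if (locale == null) {
            return slot.getVaultSlotDescription();
        }
        return slot.getVaultSlotDescription(locale);
    }

    /**
     * Lists the slots the calling portlet instance may access for the logged-in user.
     *
     * @param portletRequest request of the calling portlet (supplies user and portlet instance id)
     * @throws PortletServiceException if no user is logged in or the command fails
     */
    @Override
    public Iterator getAccessibleSlots(PortletRequest portletRequest) throws PortletServiceException {
        GetPortletAccessibleSlotsCommand command = new GetPortletAccessibleSlotsCommand();
        try {
            command.setUser(extractUser(portletRequest));
            command.setCpiid(extractCpiid(portletRequest));
            command.execute();
            return command.getSlots();
        } catch (CommandException e) {
            throw commandFailed("GetPortletAccessibleSlots", e);
        }
    }

    /**
     * Stores a binary secret in a slot for the logged-in user and calling portlet instance.
     *
     * @param str            slot identifier
     * @param bArr           secret bytes; handed to the command as-is (not copied here)
     * @param portletRequest request of the calling portlet
     * @throws PortletServiceException if no user is logged in or the command fails
     */
    @Override
    public void setCredentialSecretBinary(String str, byte[] bArr, PortletRequest portletRequest) throws PortletServiceException {
        SetBinarySecretCommand command = new SetBinarySecretCommand();
        try {
            command.setSlotName(str);
            command.setUser(extractUser(portletRequest));
            command.setSecret(bArr);
            command.setConcretePortletInstanceKey(ObjectKey.getObjectKey(extractCpiid(portletRequest)));
            command.execute();
        } catch (CommandException e) {
            throw commandFailed("SecretSetBinary", e);
        }
    }

    /**
     * Stores a user-id / password pair in a slot for the logged-in user and calling
     * portlet instance.
     *
     * @param str            slot identifier
     * @param str2           user id part of the secret
     * @param cArr           password; passed to the command as-is. Whether the command
     *                       copies or clears the array is not visible here, so callers
     *                       that want the password wiped should clear their own array
     *                       after this call returns.
     * @param portletRequest request of the calling portlet
     * @throws PortletServiceException if no user is logged in or the command fails
     */
    @Override
    public void setCredentialSecretUserPassword(String str, String str2, char[] cArr, PortletRequest portletRequest) throws PortletServiceException {
        SetUserPasswordSecretCommand command = new SetUserPasswordSecretCommand();
        try {
            command.setSlotName(str);
            command.setUser(extractUser(portletRequest));
            command.setUserId(str2);
            command.setPassword(cArr);
            command.setConcretePortletInstanceKey(ObjectKey.getObjectKey(extractCpiid(portletRequest)));
            command.execute();
        } catch (CommandException e) {
            throw commandFailed("SecretSetUserPassword", e);
        }
    }

    /**
     * Creates a new (non-system) slot owned by the logged-in user.
     *
     * <p>The system-credential flag is hard-wired to {@code Boolean.FALSE}: slots
     * created through this portlet service are always user credentials.
     *
     * @param str            resource name of the slot
     * @param objectID       vault segment to create the slot in
     * @param map            localized descriptions
     * @param map2           localized keywords
     * @param i              secret type of the slot
     * @param z              active flag of the slot
     * @param z2             if {@code true} the slot is keyed to the calling portlet
     *                       instance, otherwise no portlet instance key is set
     * @param portletRequest request of the calling portlet
     * @return the configuration of the created slot
     * @throws PortletServiceException if no user is logged in or the command fails
     */
    @Override
    public CredentialSlotConfig createSlot(String str, ObjectID objectID, Map map, Map map2, int i, boolean z, boolean z2, PortletRequest portletRequest) throws PortletServiceException {
        CreateSlotCommand command = new CreateSlotCommand();
        try {
            command.setResourceName(str);
            command.setSegmentId(objectID);
            command.setDescriptions(map);
            command.setKeywords(map2);
            command.setSecretType(i);
            command.setSystemCredential(Boolean.FALSE);
            command.setUserObjectID(extractUser(portletRequest).getObjectId());
            ObjectKey instanceKey = z2 ? ObjectKey.getObjectKey(extractCpiid(portletRequest)) : null;
            command.setConcretePortletInstanceKey(instanceKey);
            command.setActive(Boolean.valueOf(z));
            command.execute();
            return command.getConfiguration();
        } catch (CommandException e) {
            throw commandFailed("SlotCreate", e);
        }
    }

    /**
     * Deletes a slot by id.
     *
     * <p>NOTE(review): unlike the other mutators this method receives no
     * {@link PortletRequest}, so no user or portlet-instance context reaches
     * the command from here. Any ownership / permission check has to live in
     * {@code DeleteSlotCommand} -- confirm that it does.
     *
     * @param str slot identifier
     * @throws PortletServiceException if the command fails
     */
    @Override
    public void deleteSlot(String str) throws PortletServiceException {
        DeleteSlotCommand command = new DeleteSlotCommand();
        try {
            command.setSlotId(str);
            command.execute();
        } catch (CommandException e) {
            throw commandFailed("SlotDelete", e);
        }
    }

    /**
     * Returns the id of the first vault segment flagged as user-mapped, or
     * {@code null} when no segment is user-mapped.
     *
     * @throws PortletServiceException if the segment list cannot be read
     */
    @Override
    public ObjectID getDefaultUserVaultSegmentId() throws PortletServiceException {
        GetAllSegmentsCommand command = new GetAllSegmentsCommand();
        try {
            command.execute();
            List segments = command.getSegments();
            for (Iterator it = segments.iterator(); it.hasNext();) {
                VaultSegmentConfig segment = (VaultSegmentConfig) it.next();
                if (segment.isUserMapped()) {
                    return segment.getObjectID();
                }
            }
            return null;
        } catch (CommandException e) {
            // Logged at error level (not debug) as in the original: a missing default
            // segment is a configuration problem, not a per-request condition.
            Log.error(LOGGER, "Exception during execute of command credentialvault.getDefaultSegmentId:", e);
            throw new PortletServiceException("Exception occurred: " + e.toString());
        }
    }

    /**
     * @return all vault segments as {@link VaultSegmentConfig} objects
     * @throws PortletServiceException if the segment list cannot be read
     */
    @Override
    public List getAllVaultSegments() throws PortletServiceException {
        GetAllSegmentsCommand command = new GetAllSegmentsCommand();
        try {
            command.execute();
            return command.getSegments();
        } catch (CommandException e) {
            throw commandFailed("getAllVaultSegments", e);
        }
    }

    /**
     * Resolves a credential of the requested type from a slot for the calling
     * user and portlet instance.
     *
     * <p>Two gates are enforced before any secret is handed out:
     * <ol>
     *   <li>the requested credential type must have the same secret type as the
     *       slot, so a caller cannot obtain, e.g., a user/password view of a slot
     *       holding another kind of secret;</li>
     *   <li>a slot flagged active refuses to return a passive credential (a
     *       credential object that hands out the secret itself, cf.
     *       {@code getSecret()} in {@link #getUserSubject}).</li>
     * </ol>
     * For {@link CredentialVaultService#PREDEFINED_SLOT_USER_JAAS_SUBJECT} the
     * secret is the logged-in user's own JAAS {@link Subject} from the session;
     * for every other slot it is read from the vault via
     * {@link Vault#getCredential} for this user and portlet instance.
     *
     * @param str            slot identifier; {@code null} is reported as a
     *                       {@link PortletServiceException} from the slot lookup
     * @param str2           credential type name known to {@code CredentialManager}
     * @param map            portlet-supplied credential configuration, copied into the
     *                       map handed to {@link Credential#init}; may be {@code null}
     * @param portletRequest request of the calling portlet
     * @return an initialised credential object of the requested type
     * @throws CredentialSecretNotSetException if the vault holds no secret for this user and slot
     * @throws PortletServiceException         on secret-type mismatch, active/passive mismatch,
     *                                         missing user, or any vault / command failure
     */
    @Override
    public Credential getCredential(String str, String str2, Map map, PortletRequest portletRequest) throws PortletServiceException, CredentialSecretNotSetException {
        boolean debug = Log.isDebugEnabled(LOGGER);
        if (debug) {
            Log.debug(LOGGER, "CredentialService.getCredential.entry");
            // NOTE(review): 'map' is caller-supplied configuration. Should a portlet ever
            // place secret material in it, this line would write it to the debug log.
            Log.debug(LOGGER, "CredentialService.getCredential: slotId = " + str
                    + ", credentialType = " + str2
                    + ", portletCredentialConfig = " + map
                    + ", portletRequest = " + portletRequest);
        }
        // Constant-first comparison: a null slot id does not NPE here but falls through
        // to retrieveSlot(), which reports it as a PortletServiceException.
        boolean virtualJaasSlot = CredentialVaultService.PREDEFINED_SLOT_USER_JAAS_SUBJECT.equals(str);
        CredentialSlot slot;
        if (virtualJaasSlot) {
            if (debug) {
                Log.debug(LOGGER, "CredentialService.getCredential: setting 'slot' to virtual slot: cVirtualSlotObject_UserJaasSubject");
            }
            slot = this.cVirtualSlotObject_UserJaasSubject;
        } else {
            if (debug) {
                Log.debug(LOGGER, "CredentialService.getCredential: Retrieving slot " + str);
            }
            slot = retrieveSlot(str);
        }

        if (debug) {
            Log.debug(LOGGER, "CredentialService.getCredential: Instantiating credential object " + str2);
        }
        Credential credential = instantiateCredentialObject(str2);
        int secretType = credential.getSecretType();
        if (debug) {
            Log.debug(LOGGER, "CredentialService.getCredential: Slot secret type is " + slot.getSecretType()
                    + ", Credential secret type is " + secretType);
        }
        // Gate 1: the credential type must match the slot's secret type.
        if (secretType != slot.getSecretType()) {
            throw new PortletServiceException("Attempt to retrieve a credentialType that is incompatible to the credential slot (userSecretType).");
        }
        if (debug) {
            Log.debug(LOGGER, "CredentialService.getCredential: Slot active flag is " + slot.getActive()
                    + ", Credential active flag is " + credential.isActive());
        }
        // Gate 2: an active slot never hands out a passive credential.
        if (slot.getActive() && !credential.isActive()) {
            throw new PortletServiceException("Attempt to retrieve a passive credential from a credential slot that is flagged as 'active'.");
        }

        CredentialSecret secret;
        if (virtualJaasSlot) {
            if (debug) {
                Log.debug(LOGGER, "CredentialService.getCredential: Extracting secret from session");
            }
            secret = new JaasSubjectCredentialSecret(extractUser(portletRequest).getSubject());
        } else {
            if (debug) {
                Log.debug(LOGGER, "CredentialService.getCredential: Retrieving secret from vaultservice");
            }
            secret = retrieveVaultSecret(slot, secretType, portletRequest);
        }

        HashMap initParams = new HashMap();
        if (map != null) {
            initParams.putAll(map);
        }
        if (debug) {
            Log.debug(LOGGER, "CredentialService.getCredential: Initalizing the credential object.");
        }
        try {
            initParams.put(Credential.KEY_CREDENTIAL_SECRET, secret);
            credential.init(initParams);
            if (debug) {
                Log.debug(LOGGER, "CredentialService.getCredential: exit");
            }
            return credential;
        } catch (Exception e3) {
            if (debug) {
                Log.debug(LOGGER, "CredentialService.getCredential: Couldn't initialize the credential object:", e3);
            }
            throw new PortletServiceException("Couldn't initialize the credential object. Nested exception is " + e3.toString());
        }
    }

    /**
     * Reads the secret of {@code slot} from the vault for the requesting user and
     * portlet instance and picks the {@link CredentialSecret} of the slot's secret
     * type out of the returned subject's private credentials.
     *
     * @param slot           slot descriptor (never the virtual JAAS slot)
     * @param secretType     secret type the slot and credential agreed on
     * @param portletRequest request of the calling portlet
     * @throws CredentialSecretNotSetException if the vault returns no subject, or the
     *                                         subject carries no secret of that type
     * @throws PortletServiceException         for any other failure, including a
     *                                         missing user
     */
    private static CredentialSecret retrieveVaultSecret(CredentialSlot slot, int secretType, PortletRequest portletRequest)
            throws PortletServiceException, CredentialSecretNotSetException {
        boolean debug = Log.isDebugEnabled(LOGGER);
        try {
            // Resolve user and portlet instance once and reuse them for the vault call.
            User user = extractUser(portletRequest);
            ObjectID cpiid = extractCpiid(portletRequest);
            if (debug) {
                Log.debug(LOGGER, "CredentialService.getCredential: Retrieving credential for user " + user
                        + " and portlet " + cpiid);
            }
            Subject vaultSubject = Vault.getCredential(slot, user, cpiid);
            if (vaultSubject == null) {
                if (debug) {
                    Log.debug(LOGGER, "CredentialService.getCredential: No credential returned from vaultservice");
                }
                throw new CredentialSecretNotSetException();
            }
            // The class to look up is derived from the slot's secret type, not from caller input.
            String secretClassName = CredentialSecret.getCredentialSecretClassName(secretType);
            if (debug) {
                Log.debug(LOGGER, "CredentialService.getCredential: Extracting Credentials of type " + secretClassName);
            }
            Iterator it = vaultSubject.getPrivateCredentials(Class.forName(secretClassName)).iterator();
            if (!it.hasNext()) {
                if (debug) {
                    Log.debug(LOGGER, "CredentialService.getCredential: No credential found in vault's subject");
                }
                throw new CredentialSecretNotSetException();
            }
            return (CredentialSecret) it.next();
        } catch (CredentialSecretNotSetException e) {
            throw e;
        } catch (Exception e2) {
            if (debug) {
                Log.debug(LOGGER, "CredentialService.getCredential: Credential Secret could not be retrieved:", e2);
            }
            throw new PortletServiceException("Credential Secret could not be retrieved. Nested exception is " + e2.toString());
        }
    }

    /**
     * Convenience accessor for the logged-in user's JAAS subject, served through
     * the virtual slot as a {@code JaasSubjectPassive} credential.
     *
     * @param portletRequest request of the calling portlet
     * @throws PortletServiceException if the subject cannot be obtained
     */
    @Override
    public Subject getUserSubject(PortletRequest portletRequest) throws PortletServiceException {
        try {
            Credential credential = getCredential(CredentialVaultService.PREDEFINED_SLOT_USER_JAAS_SUBJECT, "JaasSubjectPassive", null, portletRequest);
            return ((JaasSubjectPassiveCredential) credential).getSecret();
        } catch (CredentialSecretNotSetException e) {
            throw new PortletServiceException("User's JAAS subject not found! nested Exception is: " + e);
        }
    }

    /** Debug-logs a failed vault command and wraps it in the exception type callers expect. */
    private static PortletServiceException commandFailed(String commandName, CommandException e) {
        if (Log.isDebugEnabled(LOGGER)) {
            Log.debug(LOGGER, "Exception during execute of command credentialvault." + commandName + ":", e);
        }
        return new PortletServiceException("Exception occurred: " + e.toString());
    }

    /**
     * Portlet instance id of the calling portlet. Relies on the container's
     * {@link PortletRequestImpl}; any other {@link PortletRequest} implementation
     * fails here with a {@link ClassCastException}.
     */
    private static ObjectID extractCpiid(PortletRequest portletRequest) {
        return ((PortletRequestImpl) portletRequest).getPortletInstanceEntry().getPiid();
    }

    /**
     * The logged-in user behind the request.
     *
     * @throws PortletServiceException if the user cannot be resolved or no user is logged in
     */
    private static User extractUser(PortletRequest portletRequest) throws PortletServiceException {
        try {
            User user = RunData.from(portletRequest).getUser();
            if (user == null) {
                // Routed through the generic catch so the wrapped message matches the failure case.
                throw new Exception("No user is logged in!");
            }
            return user;
        } catch (Exception e) {
            throw new PortletServiceException("Couldn't retrieve user object from session. Nested exception is " + e.toString());
        }
    }

    /** Loads a slot descriptor by id, reporting any failure as {@link PortletServiceException}. */
    private static CredentialSlot retrieveSlot(String str) throws PortletServiceException {
        try {
            return CredentialSlot.retrieve(str);
        } catch (Exception e) {
            throw new PortletServiceException("Couldn't retrieve the credential slot (configuration). Nested exception is " + e.toString());
        }
    }

    /** Instantiates a credential object by type name via {@code CredentialManager}. */
    private static Credential instantiateCredentialObject(String str) throws PortletServiceException {
        try {
            return CredentialManager.instantiateCredentialObject(str);
        } catch (Exception e) {
            throw new PortletServiceException("Couldn't instantiate the credential type'" + str + "'. Nested exception is " + e.toString());
        }
    }
}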
