package com.ibm.wps.engine.commands;

import com.ibm.portal.WpsException;
import com.ibm.websphere.security.SSOAuthenticator;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.wps.auth.ErrorBean;
import com.ibm.wps.engine.EngineMessages;
import com.ibm.wps.engine.RunData;
import com.ibm.wps.logging.LogManager;
import com.ibm.wps.logging.Logger;
import com.ibm.wps.puma.User;
import com.ibm.wps.puma.UserManager;
import com.ibm.wps.services.authentication.Authentication;
import com.ibm.wps.services.config.Config;
import com.ibm.wps.sso.UserDNPrincipal;
import com.ibm.wps.util.HttpUtils;
import com.ibm.ws.security.util.ServerSideAuthenticator;
import java.text.MessageFormat;
import javax.security.auth.Subject;
import javax.servlet.http.Cookie;
import org.omg.SecurityLevel2.Credentials;

/* JADX WARN: Classes with same name are omitted:
  input_file:plugins/com.ibm.wps_4.2.0.1/wps.jar:com/ibm/wps/engine/commands/LoginUserAuth.class
 */
/* loaded from: input_file:plugins/com.ibm.wps_v5_5.0.2/wps.jar:com/ibm/wps/engine/commands/LoginUserAuth.class */
/**
 * Login command that authenticates a user id/password pair and establishes the portal user.
 *
 * <p>As visible in this class, a login with a non-null user id goes through
 * {@code ServerSideAuthenticator.authenticate}, sets the invocation credentials, calls
 * {@code SSOAuthenticator.login} (traced as "Single Sign-On cookie set"), runs the
 * "Portal_Login" login via the {@code Authentication} service, resolves the {@code User}
 * through {@code UserManager} and stores it in the {@code RunData}.
 *
 * <p>NOTE(review): this source is decompiler output (see the JADX header above the class).
 * Several try/catch regions are rendered around trace statements only; the original
 * exception scopes were presumably wider. Verify against the bytecode before drawing
 * conclusions about which failures are caught.
 */
public class LoginUserAuth extends LoginUser {
    private static final String COPYRIGHT = "Licensed Materials - Property of IBM, 5724-E76 and 5724-E77, (C) Copyright IBM Corp. 2001, 2003 - All Rights reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    // Trace/message logger for this class; obtained in the static initializer.
    private static final Logger logger;
    // Config flag "execute.portal.jaas.login" (default true). Not referenced elsewhere in this class as shown.
    static final boolean EXECUTE_PORTAL_JAAS_LOGIN;
    // Config flag "multiple.realms.enabled" (default false); when set, the user id is passed through prepareDN().
    private static final boolean multipleRealmsEnabled;
    // Config value "multiple.realms.login.default.realm"; used as the realm when the user id has no '@'.
    private static final String defaultRealm;
    // Config value "multiple.realms.user.dn.template"; MessageFormat pattern, {0} = user part, {1} = realm.
    private static final String userTemplate;
    // Caches for class objects looked up through class$(String).
    static Class class$com$ibm$wps$engine$commands$LoginUserAuth;
    static Class class$com$ibm$wps$sso$UserDNPrincipal;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Authenticates the given user and, on success, stores the resolved user in {@code runData}.
     *
     * <p>{@code str2} is handed to {@code ServerSideAuthenticator.authenticate} and
     * {@code SSOAuthenticator.login} only; it is not passed to any logger call in this method.
     * {@code str} is caller-supplied and is appended unmodified to several trace messages.
     *
     * @param runData request context; supplies the servlet request/response and receives the
     *                redirect URL and the authenticated user
     * @param str     user id; when {@code null}, no password check is done here and the
     *                subject from {@code WSSubject.getCallerSubject()} is used instead
     * @param str2    password for {@code str}
     * @return an {@code ErrorBean} with code 0 and no exception on success; code 5 from the
     *         authentication / caller-subject handlers, code 2 from the handler that logs
     *         {@code USER_OBJECT_RETRIEVE_ERROR}, code 6 for a {@code WpsException} in the
     *         portal-login section
     */
    @Override // com.ibm.wps.engine.commands.LoginUser
    public ErrorBean doAuthenticate(RunData runData, String str, String str2) {
        Subject callerSubject;
        Class cls;
        boolean isLogging = logger.isLogging(110);
        if (isLogging) {
            logger.entry(110, "doAuthenticate", runData, str);
        }
        if (str != null) {
            if (multipleRealmsEnabled) {
                // Expand "user" / "user@realm" into the configured DN template before authenticating.
                str = prepareDN(str);
                if (isLogging) {
                    logger.text(110, "doAuthenticate", new StringBuffer().append("LoginUserAuth: prepareDN is now: ").append(str).toString());
                }
            }
            // NOTE(review): as decompiled, this try covers only the trace statement. The handler's
            // message ("Could not authenticate user") suggests the original region also covered the
            // authenticate/SSO calls below - confirm against the bytecode.
            if (isLogging) {
                try {
                    // NOTE(review): str is caller-supplied and written to the trace unmodified; whether the
                    // logger neutralises line breaks is not visible here.
                    logger.text(110, "doAuthenticate", new StringBuffer().append("Trying to authenticate user ").append(str).toString());
                } catch (Exception e) {
                    if (isLogging) {
                        logger.text(110, "doAuthenticate", new StringBuffer().append("Could not authenticate user ('").append(str).append("').").toString(), e);
                    }
                    ErrorBean errorBean = new ErrorBean(5, e);
                    if (isLogging) {
                        logger.exit(110, "doAuthenticate", errorBean);
                    }
                    return errorBean;
                }
            }
            ServerSideAuthenticator serverSideAuthenticator = new ServerSideAuthenticator();
            Credentials authenticate = serverSideAuthenticator.authenticate(str, str2);
            if (authenticate == null) {
                // A null credential is treated as a failed login.
                if (isLogging) {
                    logger.text(110, "doAuthenticate", "Authentication failed, retCreds are null");
                }
                throw new WpsException(EngineMessages.WAS_AUTHENTICATION_FAILED_ERROR);
            }
            if (isLogging) {
                logger.text(110, "doAuthenticate", new StringBuffer().append("Authentication successful, UserName is: ").append(serverSideAuthenticator.getUserName(authenticate)).toString());
            }
            serverSideAuthenticator.setInvocationCredentials(authenticate);
            if (isLogging) {
                logger.text(110, "doAuthenticate", "InvocationCredentials set.");
            }
            // Second use of the clear-text password: the SSO login receives the same id/password pair.
            SSOAuthenticator sSOAuthenticator = new SSOAuthenticator();
            sSOAuthenticator.login(str, str2, runData.getRequest(), runData.getResponse());
            if (isLogging) {
                logger.text(110, "doAuthenticate", "Single Sign-On cookie set");
            }
            // NOTE(review): the post-login redirect target is whatever getRefererURL derives from the
            // request/response; no check that it stays on this host is visible in this class - confirm
            // it is validated elsewhere (open-redirect risk otherwise).
            String refererURL = sSOAuthenticator.getRefererURL(runData.getRequest(), runData.getResponse());
            if (isLogging) {
                logger.text(110, "doAuthenticate", new StringBuffer().append("redirectURL set to: ").append(refererURL).toString());
            }
            runData.setRedirectURL(refererURL);
            if (isLogging) {
                logger.text(110, "doAuthenticate", "(3) lc.getCallerSubject");
            }
            // The trace text says "getCallerSubject", but the call made is getRunAsSubject().
            callerSubject = WSSubject.getRunAsSubject();
        } else {
            // No user id supplied: rely on the subject WebSphere already associates with the caller.
            // NOTE(review): same decompiler caveat - the try below wraps only the trace call, while
            // the WSSecurityException handler presumably belonged to getCallerSubject().
            if (isLogging) {
                try {
                    logger.text(110, "doAuthenticate", "WSSubject.getCallerSubject");
                } catch (WSSecurityException e2) {
                    if (isLogging) {
                        logger.text(110, "doAuthenticate", "Could not get caller's subject.", (Throwable) e2);
                    }
                    ErrorBean errorBean2 = new ErrorBean(5, e2);
                    if (isLogging) {
                        logger.exit(110, "doAuthenticate", errorBean2);
                    }
                    return errorBean2;
                }
            }
            callerSubject = WSSubject.getCallerSubject();
        }
        try {
            // str is null on the caller-subject path, so the portal login then receives a null user id.
            Subject doPortalLogin = Authentication.getService().doPortalLogin("Portal_Login", runData.getRequest(), callerSubject, null, str);
            // NOTE(review): as decompiled, the inner try wraps only this trace call; the handler logs
            // USER_OBJECT_RETRIEVE_ERROR, so it presumably guarded the user lookup below.
            if (isLogging) {
                try {
                    logger.text(111, "doAuthenticate", "Extracting userDN from Subject");
                } catch (WpsException e3) {
                    logger.message(100, "doAuthenticate", EngineMessages.USER_OBJECT_RETRIEVE_ERROR, e3);
                    ErrorBean errorBean3 = new ErrorBean(2, e3);
                    if (isLogging) {
                        logger.exit(110, "doAuthenticate", errorBean3);
                    }
                    return errorBean3;
                }
            }
            // Lazily resolve and cache UserDNPrincipal.class through the class$ helper.
            if (class$com$ibm$wps$sso$UserDNPrincipal == null) {
                cls = class$("com.ibm.wps.sso.UserDNPrincipal");
                class$com$ibm$wps$sso$UserDNPrincipal = cls;
            } else {
                cls = class$com$ibm$wps$sso$UserDNPrincipal;
            }
            // Takes the first UserDNPrincipal of the subject. If the subject carries none, toArray()[0]
            // throws ArrayIndexOutOfBoundsException, which the WpsException handler below does not catch.
            String name = ((UserDNPrincipal) doPortalLogin.getPrincipals(cls).toArray()[0]).getName();
            if (isLogging) {
                logger.text(110, "doAuthenticate", "User.findById()...");
            }
            User findById = UserManager.instance().findById(name);
            if (findById == null) {
                // Authenticated by WebSphere but unknown to the portal user registry: fail the login.
                throw new WpsException(EngineMessages.USER_NOT_FOUND_ERROR, new Object[]{name});
            }
            if (isLogging) {
                logger.text(110, "doAuthenticate", "User found.");
            }
            Authentication.getService().addACPrincipal(doPortalLogin, findById);
            if (isLogging) {
                logger.text(110, "doAuthenticate", "ACPrincipal added to Subject.");
            }
            findById.setSubject(doPortalLogin);
            if (isLogging) {
                logger.text(110, "doAuthenticate", "Subject set.");
            }
            // doPrepareSession is not defined in this class (presumably inherited from LoginUser).
            // NOTE(review): whether it issues a fresh session id on login is not visible here - confirm.
            doPrepareSession(runData, findById);
            if (isLogging) {
                logger.text(110, "doAuthenticate", "storing user in session...");
            }
            runData.setUser(findById);
            // The redirect URL was already read above, so the WASReqURL cookie is no longer needed.
            invalidateWasReqUrlCookie(runData);
            ErrorBean errorBean4 = new ErrorBean(0, null);
            if (isLogging) {
                logger.exit(110, "doAuthenticate", errorBean4);
            }
            return errorBean4;
        } catch (WpsException e4) {
            ErrorBean errorBean5 = new ErrorBean(6, e4);
            if (isLogging) {
                logger.exit(110, "doAuthenticate", errorBean5);
            }
            return errorBean5;
        }
    }

    /**
     * Invalidates every request cookie named {@code WASReqURL} via
     * {@code HttpUtils.invalidateCookie}. Does nothing when the request carries no cookies.
     *
     * @param runData request context supplying the servlet request and response
     */
    protected void invalidateWasReqUrlCookie(RunData runData) {
        boolean isLogging = logger.isLogging(111);
        if (isLogging) {
            logger.entry(111, "invalidateWasReqUrlCookie", runData);
        }
        // getCookies() is null-checked below: it may return null when no cookies were sent.
        Cookie[] cookies = runData.getRequest().getCookies();
        if (cookies != null) {
            for (int i = 0; i < cookies.length; i++) {
                // Per-cookie trace goes through logger.entry (not logger.text) in the code as shown.
                if (isLogging) {
                    logger.entry(111, "invalidateWasReqUrlCookie", new StringBuffer().append("looking at cookie:").append(cookies[i].getName()).toString());
                }
                // Exact, case-sensitive name match; the loop does not stop at the first hit.
                if (cookies[i].getName().equals("WASReqURL")) {
                    HttpUtils.invalidateCookie(cookies[i], runData.getResponse());
                    if (isLogging) {
                        logger.entry(111, "invalidateWasReqUrlCookie", "cookie invalidated");
                    }
                }
            }
        }
        if (isLogging) {
            logger.exit(111, "invalidateWasReqUrlCookie");
        }
    }

    /**
     * Undoes the request-visible effects of {@link #doAuthenticate}: invalidates the
     * {@code WASReqURL} cookie and clears the user stored in {@code runData}.
     *
     * <p>NOTE(review): the invocation credentials and the SSO login performed in
     * {@code doAuthenticate} are not reverted here; whether the superclass or caller does so
     * is not visible in this class.
     *
     * @param runData   request context whose user is reset to {@code null}
     * @param errorBean the failure being compensated; only used for trace logging here
     */
    @Override // com.ibm.wps.engine.commands.LoginUser
    protected void compensateDoAuthenticate(RunData runData, ErrorBean errorBean) {
        boolean isLogging = logger.isLogging(111);
        if (isLogging) {
            logger.entry(111, "compensateDoAuthenticate", runData, errorBean);
        }
        invalidateWasReqUrlCookie(runData);
        runData.setUser(null);
        if (isLogging) {
            logger.exit(111, "compensateDoAuthenticate");
        }
    }

    /**
     * Maps a login id to a DN string using the configured {@code userTemplate}.
     *
     * <p>Rules as implemented: an id containing {@code '='} is returned unchanged; an id of the
     * form {@code user@realm} (with {@code '@'} neither first nor last) is split into user and
     * realm; an id without {@code '@'} uses {@code defaultRealm}; an id starting or ending with
     * {@code '@'}, or a {@code null} default realm, leaves the id unchanged.
     *
     * <p>NOTE(review): the user and realm parts are inserted into the template without
     * escaping. {@code '='} cannot occur (checked above), but other characters with meaning in
     * a DN, such as {@code ','}, are passed through - confirm the downstream registry lookup
     * tolerates or rejects them.
     *
     * @param str the login id as entered; must not be {@code null}
     * @return the formatted DN, or {@code str} unchanged when no user/realm pair was derived
     */
    private static String prepareDN(String str) {
        boolean isLogging = logger.isLogging(111);
        if (isLogging) {
            logger.entry(111, "prepareDN", str);
        }
        // str2 = user part, str3 = realm part; both stay null when the id is not rewritten.
        String str2 = null;
        String str3 = null;
        if (str.indexOf("=") == -1) {
            // Only the first '@' is considered; anything after it becomes the realm.
            int indexOf = str.indexOf("@");
            if (indexOf > 0 && indexOf < str.length() - 1) {
                str2 = str.substring(0, indexOf);
                str3 = str.substring(indexOf + 1);
            } else if (indexOf < 0) {
                str2 = str;
                str3 = defaultRealm;
            }
        }
        if (str2 == null || str3 == null) {
            if (isLogging) {
                logger.text(111, "prepareDN", new StringBuffer().append("LoginUserAuth-PreapreDN: aUserID= ").append(str).toString());
                logger.exit(111, "prepareDN", str);
            }
            return str;
        }
        // MessageFormat treats "'" and "{" in the pattern specially; the arguments themselves are
        // substituted verbatim.
        String format = new MessageFormat(userTemplate).format(new Object[]{str2, str3});
        if (isLogging) {
            logger.text(111, "prepareDN", new StringBuffer().append("LoginUserAuth-PreapreDN: DN= ").append(format).toString());
            logger.exit(111, "prepareDN", format);
        }
        return format;
    }

    /**
     * Loads a class by name, converting {@code ClassNotFoundException} into
     * {@code NoClassDefFoundError} (only the message is carried over, not the cause).
     * Presumably the compiler-generated helper older javac versions emitted for class literals.
     *
     * @param str fully qualified class name
     * @return the loaded class
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    // Static initializer: obtains the class logger and reads the login-related configuration once
    // at class-load time.
    static {
        Class cls;
        LogManager logManager = LogManager.getLogManager();
        if (class$com$ibm$wps$engine$commands$LoginUserAuth == null) {
            cls = class$("com.ibm.wps.engine.commands.LoginUserAuth");
            class$com$ibm$wps$engine$commands$LoginUserAuth = cls;
        } else {
            cls = class$com$ibm$wps$engine$commands$LoginUserAuth;
        }
        logger = logManager.getLogger(cls);
        EXECUTE_PORTAL_JAAS_LOGIN = Config.getParameters().getBoolean("execute.portal.jaas.login", true);
        multipleRealmsEnabled = Config.getParameters().getBoolean("multiple.realms.enabled", false);
        // No default is supplied for the two string settings; prepareDN() returns the id unchanged
        // when defaultRealm is null. NOTE(review): a missing userTemplate is not guarded - confirm
        // getString() cannot return null when multiple realms are enabled.
        defaultRealm = Config.getParameters().getString("multiple.realms.login.default.realm");
        userTemplate = Config.getParameters().getString("multiple.realms.user.dn.template");
    }
}
