package com.ibm.wps.services.authentication;

import com.ibm.portal.WpsException;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.wps.ac.ACManager;
import com.ibm.wps.engine.EngineMessages;
import com.ibm.wps.logging.LogManager;
import com.ibm.wps.logging.Logger;
import com.ibm.wps.puma.User;
import com.ibm.wps.services.config.Config;
import com.ibm.wps.sso.LTPATokenCredential;
import com.ibm.wps.sso.PortalCallbackHandler;
import com.ibm.wps.sso.UserDNPrincipal;
import com.ibm.wps.util.GeneralMessages;
import com.ibm.wps.util.Properties;
import com.ibm.ws.security.util.ServerSideAuthenticator;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.MissingResourceException;
import java.util.PropertyResourceBundle;
import java.util.ResourceBundle;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.servlet.ServletContext;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.omg.SecurityLevel2.Credentials;

/* loaded from: input_file:plugins/com.ibm.wps_v5_5.0.2/wps.jar:com/ibm/wps/services/authentication/AuthenticationServiceImpl.class */
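/**
 * {@link AuthenticationService} implementation that authenticates against the application
 * server and then builds the portal {@link Subject}, optionally through a JAAS login.
 *
 * <p>Review notes on this listing (it is decompiler output):
 * <ul>
 *   <li>In the decompiled form several {@code try} blocks enclosed only a trace call, which left
 *       their handlers unreachable and the security calls unguarded. The {@code try} scopes below
 *       enclose the calls the handlers are evidently written for.</li>
 *   <li>Request header and cookie values are no longer written to the trace log. They can hold
 *       session or SSO tokens, so only names and value lengths are traced.</li>
 *   <li>The header/cookie lookup loops now terminate on the first missing key and after the first
 *       matching cookie. As decompiled they could spin forever.</li>
 * </ul>
 */
public class AuthenticationServiceImpl extends AuthenticationService {
    private static final String COPYRIGHT = "Licensed Materials - Property of IBM, 5724-E76 and 5724-E77, (C) Copyright IBM Corp. 2001, 2003 - All Rights reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    private static final Logger logger;
    // Read once from the "execute.portal.jaas.login" configuration parameter; defaults to false.
    static final boolean EXECUTE_PORTAL_JAAS_LOGIN;
    // Base name of the resource bundle listing the headers/cookies handed to the callback handler.
    private static final String wpscbhheaderpropfile = "config.callbackheaderslist";
    private static PropertyResourceBundle callbackHeaderBundle;
    private static boolean callbackHeaderBundleRead;
    // Compiler-generated caches for class literals (pre-Java 5 idiom).
    static Class class$com$ibm$wps$services$authentication$AuthenticationServiceImpl;
    static Class class$com$ibm$websphere$security$cred$WSCredential;

    /**
     * Loads the optional {@code config.callbackheaderslist} bundle.
     *
     * <p>A missing bundle is not an error: {@link #addOtherHeaders} then forwards nothing.
     *
     * @param servletContext not used by this implementation
     * @param properties not used by this implementation
     * @throws Exception declared by the overridden method
     */
    @Override // com.ibm.wps.services.Service
    public void init(ServletContext servletContext, Properties properties) throws Exception {
        boolean isLogging = logger.isLogging(111);
        if (isLogging) {
            logger.entry(111, "init");
        }
        try {
            callbackHeaderBundle = (PropertyResourceBundle) ResourceBundle.getBundle(wpscbhheaderpropfile);
            if (isLogging) {
                logger.text(111, "init", "config.callbackheaderslist loaded.");
            }
        } catch (MissingResourceException e) {
            if (isLogging) {
                logger.text(111, "init", "Failed to load callback header properties file. No propfile config.callbackheaderslist found.");
            }
        }
        if (isLogging) {
            logger.exit(111, "init");
        }
    }

    /**
     * Authenticates a user id and password against the application server and returns the
     * resulting run-as subject.
     *
     * <p>The password ({@code str2}) is never passed to the logger. The trace line prints the
     * literal {@code <password>} instead.
     *
     * @param str user id handed to the authenticator
     * @param str2 password handed to the authenticator
     * @param httpServletRequest only used for entry tracing
     * @param httpServletResponse only used for entry tracing
     * @return the subject reported by {@code WSSubject.getRunAsSubject()} after the credentials
     *     were set as invocation credentials
     * @throws WpsException with {@code WAS_AUTHENTICATION_FAILED_ERROR} when the authenticator
     *     returns no credentials or any step fails
     */
    @Override // com.ibm.wps.services.authentication.AuthenticationService
    public Subject doAppServerLogin(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws WpsException {
        boolean isLogging = logger.isLogging(110);
        if (isLogging) {
            logger.entry(110, "doAppServerLogin", new Object[]{str, httpServletRequest, httpServletResponse});
        }
        Subject runAsSubject;
        try {
            if (isLogging) {
                logger.text(110, "doAppServerLogin", "creating new authenticator");
            }
            ServerSideAuthenticator serverSideAuthenticator = new ServerSideAuthenticator();
            if (isLogging) {
                logger.text(110, "doAppServerLogin", "calling authenticator.authenticate({0}, <password>)", new Object[]{str});
            }
            Credentials authenticate = serverSideAuthenticator.authenticate(str, str2);
            if (authenticate == null) {
                if (isLogging) {
                    logger.text(110, "doAppServerLogin", "Authentication failed, retCreds are null");
                }
                throw new WpsException(EngineMessages.WAS_AUTHENTICATION_FAILED_ERROR);
            }
            serverSideAuthenticator.setInvocationCredentials(authenticate);
            if (isLogging) {
                logger.text(110, "doAppServerLogin", "getCallerSubject");
            }
            runAsSubject = WSSubject.getRunAsSubject();
            if (isLogging) {
                logger.text(110, "doAppServerLogin", "Credentials set");
            }
        } catch (WpsException e) {
            // Already the failure the caller expects; do not wrap it a second time.
            throw e;
        } catch (Exception e) {
            if (isLogging) {
                logger.text(100, "doAppServerLogin", "Error during WAS authentication");
            }
            logger.message(100, "doAppServerLogin", GeneralMessages.EXCEPTION_0, e);
            throw new WpsException(EngineMessages.WAS_AUTHENTICATION_FAILED_ERROR, new Object[0], e);
        }
        if (isLogging) {
            logger.exit(110, "doAppServerLogin", runAsSubject);
        }
        return runAsSubject;
    }

    /**
     * Adds the access-control principal created for {@code user} to {@code subject}.
     *
     * @param subject subject whose principal set is extended
     * @param user portal user the principal is created from
     * @throws WpsException declared by the overridden method
     */
    @Override // com.ibm.wps.services.authentication.AuthenticationService
    public void addACPrincipal(Subject subject, User user) throws WpsException {
        boolean isLogging = logger.isLogging(110);
        if (isLogging) {
            logger.entry(110, "addACPrincipal");
        }
        subject.getPrincipals().add(ACManager.getAccessControl().createPrincipal(user));
        if (isLogging) {
            logger.exit(110, "addACPrincipal");
        }
    }

    /**
     * Performs the portal login for the caller of the current request, using the
     * {@code "Portal_Login"} JAAS configuration name.
     *
     * @param httpServletRequest current request, forwarded to the callback handler
     * @return the portal subject
     * @throws WpsException with {@code NO_USER_WSCREDENTIAL_ERROR} when the caller subject cannot
     *     be obtained, or whatever the five-argument overload throws
     */
    @Override // com.ibm.wps.services.authentication.AuthenticationService
    public Subject doPortalLogin(HttpServletRequest httpServletRequest) throws WpsException {
        boolean isLogging = logger.isLogging(110);
        Subject callerSubject;
        try {
            if (isLogging) {
                logger.text(110, "doPortalLogin", "WSSubject.getCallerSubject");
            }
            callerSubject = WSSubject.getCallerSubject();
        } catch (WSSecurityException e) {
            if (isLogging) {
                logger.text(110, "doPortalLogin", "Could not get caller's subject.", e);
            }
            // Record the cause even when tracing is off; the thrown exception does not carry it.
            logger.message(100, "doPortalLogin", GeneralMessages.EXCEPTION_0, e);
            throw new WpsException(EngineMessages.NO_USER_WSCREDENTIAL_ERROR);
        }
        return doPortalLogin("Portal_Login", httpServletRequest, callerSubject, null, null);
    }

    /**
     * Builds the portal subject from an application-server subject.
     *
     * <p>The first public {@code WSCredential} of {@code subject} supplies the unique security
     * name and the credential token. The name is added as a {@link UserDNPrincipal} and the token
     * as a private {@link LTPATokenCredential}. When {@link #EXECUTE_PORTAL_JAAS_LOGIN} is set, a
     * JAAS {@link LoginContext} named {@code str} is run with a {@link PortalCallbackHandler}.
     *
     * <p>The credential token is a secret and is never traced here.
     * NOTE(review): the exit trace passes the whole {@code Subject}; confirm that
     * {@code LTPATokenCredential.toString()} does not expose the token.
     *
     * @param str JAAS login configuration name
     * @param httpServletRequest current request, made available to the callback handler
     * @param subject application-server subject holding the {@code WSCredential}
     * @param subject2 subject to populate, or {@code null} to start from an empty one
     * @param str2 optional user id passed to the callback handler as {@code USER_ID}
     * @return the populated subject, or the one returned by the JAAS login when it is executed
     * @throws WpsException {@code NO_USER_WSCREDENTIAL_ERROR} when no credential is present,
     *     {@code WSCREDENTIAL_RETRIEVE_ERROR} when reading it fails,
     *     {@code EXCEPTION_OCCURRED_ERROR} when building the subject or the JAAS login fails
     */
    @Override // com.ibm.wps.services.authentication.AuthenticationService
    public Subject doPortalLogin(String str, HttpServletRequest httpServletRequest, Subject subject, Subject subject2, String str2) throws WpsException {
        boolean isLogging = logger.isLogging(110);
        if (isLogging) {
            logger.entry(110, "doPortalLogin");
        }
        WSCredential wSCredential = null;
        String uniqueSecurityName = null;
        byte[] credentialToken = null;
        try {
            if (isLogging) {
                logger.text(110, "doPortalLogin", "(4) getPublicCredentials");
            }
            Class cls = class$com$ibm$websphere$security$cred$WSCredential;
            if (cls == null) {
                cls = class$("com.ibm.websphere.security.cred.WSCredential");
                class$com$ibm$websphere$security$cred$WSCredential = cls;
            }
            // A null subject is treated like a subject without credentials (fail closed below).
            if (subject != null) {
                Iterator it = subject.getPublicCredentials(cls).iterator();
                if (it.hasNext()) {
                    if (isLogging) {
                        logger.text(110, "doPortalLogin", "(5a) credential found.");
                    }
                    wSCredential = (WSCredential) it.next();
                    if (isLogging) {
                        logger.text(110, "doPortalLogin", "(5a) getUserDN");
                    }
                    uniqueSecurityName = wSCredential.getUniqueSecurityName();
                    credentialToken = wSCredential.getCredentialToken();
                }
            }
        } catch (Exception e) {
            if (isLogging) {
                logger.text(110, "doPortalLogin", "LoginUserAuth: Could not retrieve user DN.", e);
            }
            // Record the cause even when tracing is off; the thrown exception does not carry it.
            logger.message(100, "doPortalLogin", GeneralMessages.EXCEPTION_0, e);
            throw new WpsException(EngineMessages.WSCREDENTIAL_RETRIEVE_ERROR);
        }
        if (wSCredential == null) {
            if (isLogging) {
                logger.text(110, "doPortalLogin", "LoginUserAuth: (5b) no credential found.");
            }
            logger.message(100, "doPortalLogin", EngineMessages.WSCREDENTIAL_RETRIEVE_ERROR);
            throw new WpsException(EngineMessages.NO_USER_WSCREDENTIAL_ERROR);
        }
        if (isLogging) {
            logger.text(110, "doPortalLogin", "Authenticated user is: " + uniqueSecurityName);
        }
        if (subject2 == null) {
            subject2 = new Subject();
        }
        try {
            Hashtable hashtable = new Hashtable();
            hashtable.put(PortalCallbackHandler.REQUEST_KEY, httpServletRequest);
            hashtable.put("USER_DN", uniqueSecurityName);
            if (str2 != null) {
                hashtable.put("USER_ID", str2);
            }
            if (isLogging) {
                logger.text(110, "doPortalLogin", "(0)(portal) addOtherHeaders");
            }
            addOtherHeaders(httpServletRequest, hashtable);
            subject2.getPrincipals().add(new UserDNPrincipal(uniqueSecurityName));
            subject2.getPrivateCredentials().add(new LTPATokenCredential(credentialToken));
            if (EXECUTE_PORTAL_JAAS_LOGIN) {
                if (isLogging) {
                    logger.text(110, "doPortalLogin", "(1)(portal) new LoginContext");
                }
                LoginContext loginContext = new LoginContext(str, subject2, getCallbackHandler(httpServletRequest, hashtable));
                if (isLogging) {
                    logger.text(110, "doPortalLogin", "(2)(portal) lc.login");
                }
                loginContext.login();
                if (isLogging) {
                    logger.text(110, "doPortalLogin", "(3)(portal) lc.getSubject");
                }
                subject2 = loginContext.getSubject();
            } else if (isLogging) {
                logger.text(110, "doPortalLogin", "Portal JAAS login is disabled - not executed");
            }
            if (isLogging) {
                logger.exit(110, "doPortalLogin", subject2);
            }
            return subject2;
        } catch (Exception e2) {
            if (isLogging) {
                logger.text(110, "doPortalLogin", "JAAS login failed for user ('" + uniqueSecurityName + "').", e2);
            }
            // A failed login is worth an audit trail independent of the trace setting.
            logger.message(100, "doPortalLogin", GeneralMessages.EXCEPTION_0, e2);
            throw new WpsException(EngineMessages.EXCEPTION_OCCURRED_ERROR);
        }
    }

    /**
     * Creates the callback handler that exposes {@code hashtable} to the JAAS login modules.
     *
     * @param httpServletRequest not used by this implementation
     * @param hashtable values the handler serves
     * @return a new {@link PortalCallbackHandler}
     */
    protected static CallbackHandler getCallbackHandler(HttpServletRequest httpServletRequest, Hashtable hashtable) {
        return new PortalCallbackHandler(hashtable);
    }

    /**
     * Copies the request headers and cookies named in the callback header bundle into
     * {@code hashtable}.
     *
     * <p>Bundle keys are {@code header.1}, {@code header.2}, ... and {@code cookie.1},
     * {@code cookie.2}, ...; each list ends at the first missing key. Headers are stored under
     * their own name, cookies under {@code "cookie." + name}. Empty values are skipped.
     *
     * <p>Everything copied here comes straight from the client request. NOTE(review): login
     * modules reading these entries should treat them as untrusted unless a front end that the
     * deployment controls is known to set or strip them - confirm against the deployment.
     *
     * <p>Values are deliberately not traced (only names and lengths), since forwarded headers and
     * cookies commonly hold session or SSO tokens.
     *
     * @param httpServletRequest request to read headers and cookies from
     * @param hashtable map handed to the callback handler; modified in place
     */
    protected static void addOtherHeaders(HttpServletRequest httpServletRequest, Hashtable hashtable) {
        boolean isLogging = logger.isLogging(112);
        if (isLogging) {
            logger.entry(112, "addOtherHeaders", httpServletRequest, hashtable);
        }
        if (null == callbackHeaderBundle) {
            if (isLogging) {
                logger.text(112, "addOtherHeaders", "no Callback Handler bundle");
                logger.exit(112, "addOtherHeaders");
            }
            return;
        }
        String key = null;
        try {
            for (int i = 1; ; i++) {
                key = "header." + i;
                if (isLogging) {
                    logger.text(112, "addOtherHeaders", "looking for entry " + key);
                }
                // getString signals the end of the list with MissingResourceException.
                String headerName = callbackHeaderBundle.getString(key);
                if (headerName == null) {
                    break;
                }
                String header = httpServletRequest.getHeader(headerName);
                if (header != null && header.length() > 0) {
                    if (isLogging) {
                        logger.text(112, "addOtherHeaders", "placing " + headerName + " (value length " + header.length() + ") into Hashtable.");
                    }
                    hashtable.put(headerName, header);
                } else if (isLogging) {
                    logger.text(112, "addOtherHeaders", "got null or zero-length for header " + headerName);
                }
            }
            if (isLogging) {
                logger.text(112, "addOtherHeaders", "got null for entry " + key);
            }
        } catch (MissingResourceException e) {
            if (isLogging) {
                logger.text(112, "addOtherHeaders", "got MissingResourceException for entry " + key);
            }
        }
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null && cookies.length > 0) {
            if (isLogging) {
                logger.text(112, "addOtherHeaders", "cookie number: name");
                for (int i2 = 0; i2 < cookies.length; i2++) {
                    logger.text(112, "addOtherHeaders", i2 + " : " + cookies[i2].getName());
                }
            }
            try {
                for (int i3 = 1; ; i3++) {
                    key = "cookie." + i3;
                    if (isLogging) {
                        logger.text(112, "addOtherHeaders", "looking for entry " + key);
                    }
                    String cookieName = callbackHeaderBundle.getString(key);
                    if (cookieName == null) {
                        break;
                    }
                    for (int i4 = 0; i4 < cookies.length; i4++) {
                        if (!cookies[i4].getName().equals(cookieName)) {
                            continue;
                        }
                        String value = cookies[i4].getValue();
                        if (null != value && value.length() > 0) {
                            if (isLogging) {
                                logger.text(112, "addOtherHeaders", "placing cookie." + cookieName + " (value length " + value.length() + ") into Hashtable.");
                            }
                            hashtable.put("cookie." + cookieName, value);
                        } else if (isLogging) {
                            logger.text(112, "addOtherHeaders", "got null or zero-length for cookie " + cookieName);
                        }
                        // Only the first cookie with this name is considered.
                        break;
                    }
                }
                if (isLogging) {
                    logger.text(112, "addOtherHeaders", "got null for entry " + key);
                }
            } catch (MissingResourceException e2) {
                if (isLogging) {
                    logger.text(112, "addOtherHeaders", "got MissingResourceException for entry " + key);
                }
            }
        } else if (isLogging) {
            logger.text(112, "addOtherHeaders", "no cookies present in request header.");
        }
        if (isLogging) {
            logger.exit(112, "addOtherHeaders");
        }
    }

    /**
     * Compiler-generated helper behind class literals: loads a class by name.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError when the class cannot be found; the original
     *     {@link ClassNotFoundException} is attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError(e.getMessage());
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class cls;
        LogManager logManager = LogManager.getLogManager();
        if (class$com$ibm$wps$services$authentication$AuthenticationServiceImpl == null) {
            cls = class$("com.ibm.wps.services.authentication.AuthenticationServiceImpl");
            class$com$ibm$wps$services$authentication$AuthenticationServiceImpl = cls;
        } else {
            cls = class$com$ibm$wps$services$authentication$AuthenticationServiceImpl;
        }
        logger = logManager.getLogger(cls);
        EXECUTE_PORTAL_JAAS_LOGIN = Config.getParameters().getBoolean("execute.portal.jaas.login", false);
        callbackHeaderBundle = null;
        callbackHeaderBundleRead = false;
    }
}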
