package com.ibm.ws.websvcs.utils;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.websvcs.Constants;
import com.ibm.ws.websvcs.resources.NLSProvider;
import com.ibm.ws.websvcs.transport.http.HttpEffectiveConfig;
import com.ibm.wsspi.http.channel.HttpConstants;
import com.ibm.wsspi.http.channel.values.HttpHeaderKeys;
import com.ibm.wsspi.security.token.SpnegoTokenHelper;
import java.security.PrivilegedActionException;
import javax.security.auth.login.LoginException;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.ietf.jgss.GSSException;

/* loaded from: input_file:com/ibm/ws/websvcs/utils/InjectNegotiateAuthorizationHeaderImpl.class */
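/**
 * Supplies the value of the HTTP {@code Authorization} header for outbound web-service
 * requests that use SPNEGO ("Negotiate") authentication.
 *
 * <p>The header value is obtained from {@link SpnegoTokenHelper}; which helper method is
 * called depends on the login-mechanism custom property of the HTTP transport
 * configuration (GSSUP, keytab, caller or native).
 *
 * <p>Security note: the returned string is a bearer-style credential for the target
 * service. It is never written to trace output by this class; only its length is traced,
 * because trace files are commonly retained and shared for problem determination.
 */
public class InjectNegotiateAuthorizationHeaderImpl implements HTTPHeaderInjector {
    private static final TraceComponent _tc = Tr.register(InjectNegotiateAuthorizationHeaderImpl.class, "WebServices", Constants.TR_RESOURCE_BUNDLE);
    private static final String clsName = InjectNegotiateAuthorizationHeaderImpl.class.getName();

    /** Creates the injector; the constructor only emits entry/exit trace. */
    public InjectNegotiateAuthorizationHeaderImpl() {
        if (_tc.isEntryEnabled()) {
            Tr.entry(_tc, "InjectNegotiateAuthorizationHeaderImpl ctor");
        }
        if (_tc.isEntryEnabled()) {
            Tr.exit(_tc, "InjectNegotiateAuthorizationHeaderImpl ctor");
        }
    }

    /**
     * @return the header this injector populates, always {@code HttpConstants.HDR_AUTHORIZATION}
     */
    @Override // com.ibm.ws.websvcs.utils.HTTPHeaderInjector
    public HttpHeaderKeys getHeaderName() {
        return HttpConstants.HDR_AUTHORIZATION;
    }

    /**
     * Builds the {@code Authorization} header value from the transport configuration.
     *
     * <p>Reads the lifetime, delegate, service-principal-name and login-mechanism custom
     * properties, validates them, and dispatches to the matching token generator.
     *
     * @param messageContext      the message context used to look up configuration values
     * @param httpEffectiveConfig the effective HTTP transport configuration
     * @return the header value produced by {@link SpnegoTokenHelper}
     * @throws AxisFault if the lifetime is not an integer, a required property is missing or
     *                   empty, the login mechanism is not one of the supported values, or
     *                   token generation fails
     */
    @Override // com.ibm.ws.websvcs.utils.HTTPHeaderInjector
    public String getHeaderValue(MessageContext messageContext, HttpEffectiveConfig httpEffectiveConfig) throws AxisFault {
        if (_tc.isEntryEnabled()) {
            Tr.entry(_tc, "getHeaderValue");
        }
        // An unset or empty lifetime property leaves the lifetime at Integer.MAX_VALUE.
        int lifetime = Integer.MAX_VALUE;
        String lifetimeText = httpEffectiveConfig.getCustomProperty(messageContext, Constants.LIFETIME_PROPERTY);
        if (!isNullOrEmpty(lifetimeText)) {
            try {
                lifetime = Integer.parseInt(lifetimeText);
            } catch (NumberFormatException e) {
                throw configFault(NLSProvider.getNLS().getFormattedMessage("nonIntegerLifetime", new Object[]{lifetimeText, Constants.LIFETIME_PROPERTY}, "A Non-integer value [{0}] is defined for the [{1}] custom property in the HTTP transport configuration."));
            }
        }
        // NOTE(review): the delegate flag is handed straight to SpnegoTokenHelper; it presumably
        // requests credential delegation to the target service - confirm, and enable it only
        // for service principals that are trusted to act on the caller's behalf.
        boolean delegate = Boolean.parseBoolean(httpEffectiveConfig.getCustomProperty(messageContext, Constants.DELEGATE_PROPERTY));
        String spn = httpEffectiveConfig.getCustomProperty(messageContext, Constants.SERVICE_PRINCIPAL_NAME_PROPERTY);
        String loginMechanism = httpEffectiveConfig.getCustomProperty(messageContext, Constants.LOGIN_MECHANISM);
        if (isNullOrEmpty(spn)) {
            // The fallback text previously used {0} twice and so never named the missing property.
            throw configFault(NLSProvider.getNLS().getFormattedMessage("noValueForProperty", new Object[]{Constants.COM_IBM_WEBSPHERE_WEBSERVICES_SPNEGO_ENABLED, Constants.SERVICE_PRINCIPAL_NAME_PROPERTY}, "The Simple and Protected GSS-API Negotiation (SPNEGO) feature is enabled with [{0}] custom property in the HTTP transport configuration, but the [{1}] custom property is either missing or empty."));
        }
        if (isNullOrEmpty(loginMechanism)) {
            // {1} is the login-mechanism property; {0} is the SPNEGO-enabled switch.
            throw configFault(NLSProvider.getNLS().getFormattedMessage("noValueForProperty", new Object[]{Constants.COM_IBM_WEBSPHERE_WEBSERVICES_SPNEGO_ENABLED, Constants.LOGIN_MECHANISM}, "The [{1}] custom property in the HTTP transport configuration is either missing or empty."));
        }
        try {
            String token;
            if (Constants.NEGOTIATE_USING_GSSUP.equals(loginMechanism)) {
                token = generateTokenViaGSSUP(messageContext, httpEffectiveConfig, spn, lifetime, delegate);
            } else if (Constants.NEGOTIATE_USING_KEYTAB.equals(loginMechanism)) {
                token = generateTokenViaKeytab(messageContext, httpEffectiveConfig, spn, lifetime, delegate);
            } else if ("caller".equals(loginMechanism)) {
                token = generateTokenViaCaller(messageContext, httpEffectiveConfig, spn, lifetime, delegate);
            } else if (Constants.NEGOTIATE_USING_NATIVE.equals(loginMechanism)) {
                token = generateTokenViaNativeCreds(messageContext, httpEffectiveConfig, spn, lifetime, delegate);
            } else {
                // The list of valid values is argument index 2; the fallback text used {3}.
                throw configFault(NLSProvider.getNLS().getFormattedMessage("invalidLoginMechanismPropDefined", new Object[]{loginMechanism, Constants.LOGIN_MECHANISM, "GSSUP, keytab , caller, native"}, "The value [{0}] for the [{1}] custom property in the HTTP transport configuration is not valid.  The valid values are [{2}]."));
            }
            if (_tc.isEntryEnabled()) {
                Tr.exit(_tc, "getHeaderValue returns [" + describeToken(token) + "]");
            }
            return token;
        } catch (AxisFault fault) {
            // Already a fully formed fault (configuration error, or a generator failure that was
            // recorded by FFDC where it happened); do not record and wrap it a second time.
            throw fault;
        } catch (Exception e2) {
            FFDCFilter.processException(e2, clsName + ".getHeaderValue", "200", this);
            if (_tc.isDebugEnabled()) {
                Tr.debug(_tc, "An unexpected Exception was received [" + e2.getMessage() + "]");
            }
            throw new AxisFault(getGeneralCause(e2).getMessage(), e2);
        }
    }

    /**
     * Obtains the header value through
     * {@code SpnegoTokenHelper.buildSpnegoAuthorizationFromNativeCreds}.
     *
     * @param spn      value of the service-principal-name custom property
     * @param lifetime value of the lifetime custom property, or {@code Integer.MAX_VALUE}
     * @param delegate value of the delegate custom property
     * @throws AxisFault if the helper throws; the original exception is kept as the cause
     */
    private String generateTokenViaNativeCreds(MessageContext messageContext, HttpEffectiveConfig httpEffectiveConfig, String spn, int lifetime, boolean delegate) throws WSSecurityException, GSSException, AxisFault {
        if (_tc.isEntryEnabled()) {
            Tr.entry(_tc, "generateTokenViaNativeCreds");
        }
        try {
            String token = SpnegoTokenHelper.buildSpnegoAuthorizationFromNativeCreds(spn, lifetime, delegate);
            if (_tc.isDebugEnabled()) {
                Tr.debug(_tc, "Token generated from Native Credentials");
            }
            if (_tc.isEntryEnabled()) {
                Tr.exit(_tc, "generateTokenViaNativeCreds returns [" + describeToken(token) + "]");
            }
            return token;
        } catch (Exception e) {
            FFDCFilter.processException(e, clsName + ".generateTokenViaNativeCreds", "232", this);
            if (_tc.isDebugEnabled()) {
                Tr.debug(_tc, "An unexpected Exception was received [" + e.getMessage() + "]");
            }
            throw new AxisFault(getGeneralCause(e).getMessage(), e);
        }
    }

    /**
     * Obtains the header value through
     * {@code SpnegoTokenHelper.buildSpnegoAuthorizationFromCallerSubject}.
     *
     * @param spn      value of the service-principal-name custom property
     * @param lifetime value of the lifetime custom property, or {@code Integer.MAX_VALUE}
     * @param delegate value of the delegate custom property
     * @throws AxisFault if the helper throws; the original exception is kept as the cause
     */
    private String generateTokenViaCaller(MessageContext messageContext, HttpEffectiveConfig httpEffectiveConfig, String spn, int lifetime, boolean delegate) throws WSSecurityException, GSSException, AxisFault {
        if (_tc.isEntryEnabled()) {
            Tr.entry(_tc, "generateTokenViaCaller");
        }
        try {
            String token = SpnegoTokenHelper.buildSpnegoAuthorizationFromCallerSubject(spn, lifetime, delegate);
            if (_tc.isDebugEnabled()) {
                Tr.debug(_tc, "Token generated from delegated Credentials in caller Subject");
            }
            if (_tc.isEntryEnabled()) {
                Tr.exit(_tc, "generateTokenViaCaller [" + describeToken(token) + "]");
            }
            return token;
        } catch (Exception e) {
            FFDCFilter.processException(e, clsName + ".generateTokenViaCaller", "266", this);
            if (_tc.isDebugEnabled()) {
                Tr.debug(_tc, "An unexpected Exception was received [" + e.getMessage() + "]");
            }
            throw new AxisFault(getGeneralCause(e).getMessage(), e);
        }
    }

    /**
     * Obtains the header value through {@code SpnegoTokenHelper.buildSpnegoAuthorizationFromUpn},
     * using the user-principal-name and JAAS custom properties of the transport configuration.
     *
     * @param spn      value of the service-principal-name custom property
     * @param lifetime value of the lifetime custom property, or {@code Integer.MAX_VALUE}
     * @param delegate value of the delegate custom property
     * @throws AxisFault if the user-principal-name property is missing or empty, or if the
     *                   helper throws (the original exception is kept as the cause)
     */
    private String generateTokenViaKeytab(MessageContext messageContext, HttpEffectiveConfig httpEffectiveConfig, String spn, int lifetime, boolean delegate) throws AxisFault, GSSException, LoginException {
        if (_tc.isEntryEnabled()) {
            Tr.entry(_tc, "generateTokenViaKeytab");
        }
        String upn = httpEffectiveConfig.getCustomProperty(messageContext, Constants.USER_PRINCIPAL_NAME_PROPERTY);
        if (isNullOrEmpty(upn)) {
            throw configFault(NLSProvider.getNLS().getFormattedMessage("noValueForProperty", new Object[]{Constants.USER_PRINCIPAL_NAME_PROPERTY}, "The [{0}] custom property in the HTTP transport configuration is either missing or empty."));
        }
        try {
            String token = SpnegoTokenHelper.buildSpnegoAuthorizationFromUpn(spn, upn, httpEffectiveConfig.getCustomProperty(messageContext, Constants.JAAS_PROPERTY), lifetime, delegate);
            if (_tc.isDebugEnabled()) {
                Tr.debug(_tc, "Token generated from Keytab");
            }
            if (_tc.isEntryEnabled()) {
                Tr.exit(_tc, "generateTokenViaKeytab returns [" + describeToken(token) + "]");
            }
            return token;
        } catch (Exception e) {
            FFDCFilter.processException(e, clsName + ".generateTokenViaKeytab", "315", this);
            if (_tc.isDebugEnabled()) {
                Tr.debug(_tc, "An Exception Exception was received.");
            }
            throw new AxisFault(getGeneralCause(e).getMessage(), e);
        }
    }

    /**
     * Obtains the header value through
     * {@code SpnegoTokenHelper.buildSpnegoAuthorizationFromUseridPassword}, using the outbound
     * request user ID and password of the transport configuration. Neither value is traced.
     *
     * @param spn      value of the service-principal-name custom property
     * @param lifetime value of the lifetime custom property, or {@code Integer.MAX_VALUE}
     * @param delegate value of the delegate custom property
     * @throws AxisFault if the user ID or password is missing or empty, or if the helper
     *                   throws (the original exception is kept as the cause)
     */
    private String generateTokenViaGSSUP(MessageContext messageContext, HttpEffectiveConfig httpEffectiveConfig, String spn, int lifetime, boolean delegate) throws AxisFault, WSSecurityException, LoginException, GSSException {
        if (_tc.isEntryEnabled()) {
            Tr.entry(_tc, "generateTokenViaGSSUP");
        }
        String userId = httpEffectiveConfig.getOutRequestUserID(messageContext);
        if (isNullOrEmpty(userId)) {
            throw configFault(NLSProvider.getNLS().getFormattedMessage("noBasicAuthUseridDefined", new Object[]{Constants.NEGOTIATE_USING_GSSUP}, "The Simple and Protected GSS-API Negotiation (SPNEGO) login mechanism is set to [{0}], but there is no basic authentication user name specified HTTP transport configuration."));
        }
        String password = httpEffectiveConfig.getOutRequestPassword(messageContext);
        if (isNullOrEmpty(password)) {
            throw configFault(NLSProvider.getNLS().getFormattedMessage("noBasicAuthPasswordDefined", new Object[]{Constants.NEGOTIATE_USING_GSSUP}, "The Simple and Protected GSS-API Negotiation (SPNEGO) login mechanism is set to [{0}], but there is no basic authentication password specified HTTP transport configuration."));
        }
        try {
            String token = SpnegoTokenHelper.buildSpnegoAuthorizationFromUseridPassword(spn, userId, password, lifetime, delegate);
            if (_tc.isDebugEnabled()) {
                Tr.debug(_tc, "Token generated from userid/password");
            }
            if (_tc.isEntryEnabled()) {
                Tr.exit(_tc, "generateTokenViaGSSUP reutrns [" + describeToken(token) + "]");
            }
            return token;
        } catch (Exception e) {
            FFDCFilter.processException(e, clsName + ".generateTokenViaGSSUP", "376", this);
            if (_tc.isDebugEnabled()) {
                Tr.debug(_tc, "An unexpected Exception was received [" + e.getMessage() + "]");
            }
            throw new AxisFault(getGeneralCause(e).getMessage(), e);
        }
    }

    /**
     * Returns the first cause that is not a {@link PrivilegedActionException}.
     *
     * @param th the exception to unwrap; may be {@code null}
     * @return {@code th} itself when it is not a {@code PrivilegedActionException} or when the
     *         cause chain holds nothing else; otherwise the first non-wrapper cause
     */
    private static Throwable getGeneralCause(Throwable th) {
        if (!(th instanceof PrivilegedActionException)) {
            return th;
        }
        Throwable cause = th.getCause();
        if (cause == null) {
            return th;
        }
        while (cause instanceof PrivilegedActionException) {
            if (_tc.isDebugEnabled()) {
                Tr.debug(_tc, "Unravelling PrivilegedActionException");
            }
            cause = cause.getCause();
        }
        if (cause == null) {
            if (_tc.isDebugEnabled()) {
                Tr.debug(_tc, "Only PrivilegedActionException in stack.  Returning original exception.");
            }
            return th;
        }
        if (_tc.isDebugEnabled()) {
            Tr.debug(_tc, "Unravelled to a " + cause.getClass().getName());
        }
        return cause;
    }

    /** Returns {@code true} when {@code value} is {@code null} or the empty string. */
    private static boolean isNullOrEmpty(String value) {
        return value == null || value.isEmpty();
    }

    /** Debug-traces a configuration error message and returns it as an {@link AxisFault}. */
    private static AxisFault configFault(String message) {
        if (_tc.isDebugEnabled()) {
            Tr.debug(_tc, message);
        }
        return new AxisFault(message);
    }

    /** Describes a header value for trace output without disclosing the credential itself. */
    private static String describeToken(String token) {
        return token == null ? "null" : "<redacted, " + token.length() + " chars>";
    }
}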
