package com.ibm.uddi.security;

import com.ibm.uddi.ras.RASITraceEvent;
import com.ibm.uddi.ras.RASITraceLogger;
import com.ibm.uddi.v3.exception.UDDIAuthTokenExpiredException;
import com.ibm.uddi.v3.exception.UDDIAuthTokenRequiredException;
import com.ibm.uddi.v3.exception.UDDIException;
import com.ibm.uddi.v3.exception.UDDIFatalErrorException;
import com.ibm.uddi.v3.exception.UDDIUnknownUserException;
import com.ibm.uddi.v3.persistence.PersistenceManager;
import com.ibm.uddi.v3.runtime.UDDINodeComponentImplProxy;
import com.ibm.websphere.security.auth.CredentialDestroyedException;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl;
import com.ibm.websphere.security.cred.WSCredential;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.security.auth.login.CredentialExpiredException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import org.apache.soap.encoding.soapenc.Base64;

/* loaded from: input_file:common.jar:com/ibm/uddi/security/JAASAuthenticator.class */
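/**
 * {@link Authenticator} implementation that validates credentials through a JAAS
 * {@link LoginContext} and issues UDDI authInfo tokens via {@code AuthTokenManager}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>authInfo tokens are bearer credentials, so they are never written to the trace log;
 *       a fixed placeholder is traced instead.</li>
 *   <li>{@link #jaasLogin(String, String)} skips the JAAS login entirely when the password is
 *       empty and WAS global security is reported as off (see the review note there).</li>
 *   <li>{@link #singleSignOn(String, String, HttpServletResponse)} places the credential token
 *       in an {@code LtpaToken} cookie (see the review note there about cookie attributes).</li>
 * </ul>
 */
public class JAASAuthenticator implements Authenticator {
    private static final RASITraceLogger traceLogger = SecurityConfig.getTraceLogger();

    /** Placeholder traced in place of authInfo tokens so that trace files cannot be replayed as credentials. */
    private static final String REDACTED_AUTH_INFO = "<authInfo redacted>";

    public JAASAuthenticator() {
        traceLogger.entry(RASITraceEvent.TYPE_LEVEL2, "com.ibm.uddi.security.JAASAuthenticator", "JAASAuthenticator");
        traceLogger.exit(RASITraceEvent.TYPE_LEVEL2, "com.ibm.uddi.security.JAASAuthenticator", "JAASAuthenticator");
    }

    /**
     * Resolves an authInfo token to the user id it was issued for.
     *
     * @param str the authInfo token presented by the caller
     * @return the user id the persistence layer associates with the token
     * @throws UDDIAuthTokenRequiredException if no user is found for the token
     * @throws UDDIAuthTokenExpiredException if {@code AuthTokenManager} reports the token as expired
     * @throws UDDIException declared by the interface; other subclasses may come from the persistence layer
     */
    @Override // com.ibm.uddi.security.Authenticator
    public String authenticate(String str) throws UDDIException {
        // The token itself is deliberately not traced: anyone able to read the trace file
        // could otherwise present it as a valid credential until it expires.
        traceLogger.entry(RASITraceEvent.TYPE_LEVEL2, this, "authenticate", REDACTED_AUTH_INFO);
        String userId = PersistenceManager.getPersistenceManager().getFactory().getUserPersister().getUserId(str);
        if (userId == null) {
            traceLogger.trace(RASITraceEvent.TYPE_LEVEL2, this, "authenticate", "No user found for supplied authInfo");
            throw new UDDIAuthTokenRequiredException();
        }
        if (AuthTokenManager.getAuthTokenManager().hasExpired(str)) {
            traceLogger.trace(RASITraceEvent.TYPE_LEVEL2, this, "authenticate", "AuthInfo expired for user " + userId);
            throw new UDDIAuthTokenExpiredException();
        }
        traceLogger.exit(RASITraceEvent.TYPE_LEVEL2, this, "authenticate", userId);
        return userId;
    }

    /**
     * Checks the supplied credentials via {@link #jaasLogin(String, String)} and, if that does not
     * throw, issues a new authInfo token for the user id.
     *
     * @param str the user id
     * @param str2 the password
     * @return the newly created authInfo token
     * @throws UDDIException if {@link #jaasLogin(String, String)} rejects the credentials or fails
     */
    @Override // com.ibm.uddi.security.Authenticator
    public String login(String str, String str2) throws UDDIException {
        traceLogger.entry(RASITraceEvent.TYPE_LEVEL2, this, "login", str);
        jaasLogin(str, str2);
        String createAuthInfo = AuthTokenManager.getAuthTokenManager().createAuthInfo(str);
        // Trace a placeholder rather than the freshly minted token.
        traceLogger.exit(RASITraceEvent.TYPE_LEVEL2, this, "login", REDACTED_AUTH_INFO);
        return createAuthInfo;
    }

    /**
     * Builds a {@link LoginContext} for the "ClientContainer" JAAS configuration and performs the
     * login unless the password is empty and WAS global security is off.
     *
     * @param str the user id
     * @param str2 the password; {@code null} is rejected
     * @return the login context; it has only been logged in if the login branch was taken
     * @throws UDDIUnknownUserException if the password is {@code null} or {@code login()} fails
     * @throws UDDIFatalErrorException if the context cannot be created or a
     *         {@link SecurityException} is raised
     * @throws UDDIException declared supertype of the above
     */
    protected LoginContext jaasLogin(String str, String str2) throws UDDIException {
        traceLogger.entry(RASITraceEvent.TYPE_LEVEL2, this, "jaasLogin", str);
        if (str2 == null) {
            // Fail closed: a null password used to surface as an unchecked NullPointerException
            // from the emptiness test below instead of an authentication failure.
            traceLogger.trace(RASITraceEvent.TYPE_LEVEL2, this, "jaasLogin", "null password supplied");
            throw new UDDIUnknownUserException();
        }
        try {
            // A LoginException raised here (outer catch) is reported as a fatal error,
            // whereas one raised by login() itself (inner catch) means the credentials were rejected.
            LoginContext loginContext = new LoginContext("ClientContainer", new WSCallbackHandlerImpl(str, str2));
            try {
                // NOTE(review): with an empty password and WAS global security off, no JAAS login
                // is performed at all, yet login() still goes on to issue an authInfo token for the
                // supplied user id. Confirm this unauthenticated path is intended and cannot be
                // reached on nodes that are expected to enforce authentication.
                if (!str2.equals("") || UDDINodeComponentImplProxy.getNodeComponentProxy().isWASGlobalSecurityOn()) {
                    loginContext.login();
                } else {
                    traceLogger.trace(RASITraceEvent.TYPE_LEVEL3, this, "jaasLogin", "global security off and empty password");
                }
                traceLogger.exit(RASITraceEvent.TYPE_LEVEL2, this, "jaasLogin", loginContext);
                return loginContext;
            } catch (LoginException e) {
                traceLogger.exception(RASITraceEvent.TYPE_LEVEL1, (Object) this, "login", (Exception) e);
                throw new UDDIUnknownUserException();
            }
        } catch (SecurityException e2) {
            traceLogger.exception(RASITraceEvent.TYPE_LEVEL1, (Object) this, "login", (Exception) e2);
            throw new UDDIFatalErrorException(e2);
        } catch (LoginException e3) {
            traceLogger.exception(RASITraceEvent.TYPE_LEVEL1, (Object) this, "login", (Exception) e3);
            throw new UDDIFatalErrorException(e3);
        }
    }

    /**
     * Logs the user in, copies the first {@link WSCredential} found among the subject's public
     * credentials into an {@code LtpaToken} response cookie, and issues an authInfo token.
     *
     * @param str the user id
     * @param str2 the password
     * @param httpServletResponse the response that receives the {@code LtpaToken} cookie
     * @return the newly created authInfo token
     * @throws UDDIFatalErrorException if the login context has no subject, or the credential is
     *         destroyed or expired when its token is read
     * @throws UDDIException if {@link #jaasLogin(String, String)} rejects the credentials or fails
     */
    @Override // com.ibm.uddi.security.Authenticator
    public String singleSignOn(String str, String str2, HttpServletResponse httpServletResponse) throws UDDIException {
        traceLogger.entry(RASITraceEvent.TYPE_LEVEL2, this, "singleSignOn", str);
        Subject subject = jaasLogin(str, str2).getSubject();
        if (subject == null) {
            // Presumably also the outcome when jaasLogin skipped the login - TODO confirm.
            traceLogger.trace(RASITraceEvent.TYPE_LEVEL1, this, "singleSignOn", "Authenticated subject is NULL");
            throw new UDDIFatalErrorException(new String[]{"Authenticated subject is NULL"});
        }
        WSCredential wSCredential = null;
        for (Object next : subject.getPublicCredentials()) {
            if (next instanceof WSCredential) {
                wSCredential = (WSCredential) next;
                break;
            }
        }
        // NOTE(review): when no WSCredential is present the cookie is silently omitted and an
        // authInfo token is still issued - confirm that callers expect this.
        if (wSCredential != null) {
            try {
                // NOTE(review): the cookie carries the credential token but is added with default
                // attributes only (no Secure flag, no explicit path). Confirm the transport is
                // TLS-only, or set Secure (and HttpOnly where the servlet API level offers it).
                httpServletResponse.addCookie(new Cookie("LtpaToken", Base64.encode(wSCredential.getCredentialToken())));
            } catch (CredentialDestroyedException e) {
                traceLogger.exception(RASITraceEvent.TYPE_LEVEL1, (Object) this, "singleSignOn", e);
                throw new UDDIFatalErrorException(e);
            } catch (CredentialExpiredException e2) {
                traceLogger.exception(RASITraceEvent.TYPE_LEVEL1, (Object) this, "singleSignOn", e2);
                throw new UDDIFatalErrorException(e2);
            }
        }
        String createAuthInfo = AuthTokenManager.getAuthTokenManager().createAuthInfo(str);
        // Trace a placeholder rather than the freshly minted token.
        traceLogger.exit(RASITraceEvent.TYPE_LEVEL2, this, "singleSignOn", REDACTED_AUTH_INFO);
        return createAuthInfo;
    }

    /**
     * Returns the caller principal reported by {@code WSSubject.getCallerPrincipal()}.
     *
     * @return the caller principal name as returned by WebSphere
     */
    @Override // com.ibm.uddi.security.Authenticator
    public String getUser() {
        return WSSubject.getCallerPrincipal();
    }
}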
