package com.ibm.ws.management.system.smgr.util;

import com.ibm.ISecurityUtilityImpl.WSSecurityContextFactory;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.websphere.management.exception.AdminException;
import com.ibm.websphere.management.system.util.JobConstants;
import com.ibm.websphere.security.auth.WSSecurityContext;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.management.util.SecurityHelper;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.wsspi.security.token.WSOpaqueTokenHelper;
import java.security.MessageDigest;
import java.util.Hashtable;
import java.util.Properties;
import javax.security.auth.Subject;
import sun.misc.BASE64Encoder;

/* loaded from: input_file:com/ibm/ws/management/system/smgr/util/JobMgrSecurityHelper.class */
public final class JobMgrSecurityHelper {
    private static final TraceComponent tc = Tr.register(JobMgrSecurityHelper.class, (String) null, (String) null);
    private static JobMgrSecurityHelper instance;

    private JobMgrSecurityHelper() {
    }

    public static synchronized JobMgrSecurityHelper getInstance() {
        return instance == null ? new JobMgrSecurityHelper() : instance;
    }

    private synchronized String getHash(String str, String str2) throws AdminException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            messageDigest.update(str2.getBytes(JobConstants.UTF8_CHARSET));
            return new BASE64Encoder().encode(messageDigest.digest());
        } catch (Throwable th) {
            throw new AdminException(th.getMessage());
        }
    }

    public String getMD5Hash(String str) throws AdminException {
        return getHash("MD5", str);
    }

    public String getSHAHash(String str) throws AdminException {
        return getHash("SHA", str);
    }

    public byte[] getProcessedSecurityMetadata(Properties properties) throws Throwable {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getProcessedSecurityMetadata()", JobMgrHelper.hidePassword(properties));
        }
        Hashtable hashtable = new Hashtable();
        if (properties.containsKey(JobConstants.USERNAME)) {
            String property = properties.getProperty(JobConstants.USERNAME);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "username " + property + " was provided.");
            }
            hashtable.put(JobConstants.USERNAME, property);
            properties.remove(JobConstants.USERNAME);
            if (properties.getProperty("password") != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "password was provided.");
                }
                hashtable.put("password", PasswordUtil.passwordEncode(properties.getProperty("password")));
                properties.remove("password");
            }
            String property2 = properties.getProperty(JobConstants.PRIVATE_KEYPATH);
            if (property2 != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "privateKeyFile " + property2 + " was provided.");
                }
                hashtable.put(JobConstants.PRIVATE_KEYPATH, property2);
                properties.remove(JobConstants.PRIVATE_KEYPATH);
            }
            if (properties.getProperty(JobConstants.PASS_PHRASE) != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "passphrase was provided.");
                }
                hashtable.put(JobConstants.PASS_PHRASE, PasswordUtil.passwordEncode(properties.getProperty(JobConstants.PASS_PHRASE)));
                properties.remove(JobConstants.PASS_PHRASE);
            }
            String property3 = properties.getProperty(JobConstants.USE_SUDO);
            if (property3 != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "useSudo " + property3 + " was provided.");
                }
                hashtable.put(JobConstants.USE_SUDO, property3);
                properties.remove(JobConstants.USE_SUDO);
            }
            String property4 = properties.getProperty(JobConstants.SUDO_USER_NAME);
            if (property4 != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "sudoUName " + property4 + " was provided.");
                }
                hashtable.put(JobConstants.SUDO_USER_NAME, property4);
                properties.remove(JobConstants.SUDO_USER_NAME);
            }
            if (properties.getProperty(JobConstants.SUDO_PASSWORD) != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "sudoPassword was provided.");
                }
                hashtable.put(JobConstants.SUDO_PASSWORD, PasswordUtil.passwordEncode(properties.getProperty(JobConstants.SUDO_PASSWORD)));
                properties.remove(JobConstants.SUDO_PASSWORD);
            }
        } else {
            Subject retrieveSubject = SecurityHelper.retrieveSubject();
            if (retrieveSubject != null) {
                WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(retrieveSubject);
                if (wSCredentialFromSubject != null) {
                    if (tc.isDebugEnabled()) {
                        try {
                            Tr.debug(tc, "securityName: " + wSCredentialFromSubject.getSecurityName() + ", accessId: " + wSCredentialFromSubject.getAccessId());
                        } catch (Throwable th) {
                            Tr.debug(tc, "Problem tracing wsCred", th);
                        }
                    }
                    byte[] createOpaqueTokenFromSubject = WSOpaqueTokenHelper.getInstance().createOpaqueTokenFromSubject(retrieveSubject);
                    WSSecurityContext createContext = wSCredentialFromSubject.isBasicAuth() ? WSSecurityContextFactory.getInstance().createContext("oid:2.23.130.1.1.1") : WSSecurityContextFactory.getInstance().createContext(wSCredentialFromSubject.getOID());
                    String hostName = JobMgrHelper.getHostName();
                    if ("KRB5".equalsIgnoreCase(SecurityObjectLocator.getSecurityConfig().getActiveAuthMechanism().getType())) {
                        hostName = ContextManagerFactory.getInstance().getDefaultKrbSpn();
                    }
                    String jobMgrSecurityRealm = getJobMgrSecurityRealm();
                    if (jobMgrSecurityRealm == null) {
                        jobMgrSecurityRealm = ContextManagerFactory.getInstance().getDefaultRealm();
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.debug(tc, "realm information from the new security api: ", jobMgrSecurityRealm);
                    }
                    byte[] initSecContext = createContext.initSecContext(retrieveSubject, hostName, jobMgrSecurityRealm);
                    if (createOpaqueTokenFromSubject != null) {
                        hashtable.put(InternalJobConstants.SEC_OPAQUE_TOKEN, createOpaqueTokenFromSubject);
                    } else if (tc.isEntryEnabled()) {
                        Tr.debug(tc, "opaqueToken is null!!  No opaqueToken is available");
                    }
                    if (initSecContext != null) {
                        hashtable.put(InternalJobConstants.SEC_TOKEN, initSecContext);
                    } else if (tc.isEntryEnabled()) {
                        Tr.debug(tc, "secToken is null!!  No securityToken is available!!!");
                    }
                } else if (tc.isEntryEnabled()) {
                    Tr.debug(tc, "wsCred is null!! either security is off or something major is wrong!!");
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Subject on the thread is null.  Either security is off or something else is wrong!!");
            }
        }
        byte[] byteArray = JobMgrHelper.toByteArray(hashtable);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getProcessedSecurityMetadata()", byteArray);
        }
        return byteArray;
    }

    protected String getJobMgrSecurityRealm() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getJobMgrSecurityRealm");
        }
        String string = SecurityObjectLocator.getSecurityConfig().getActiveAuthMechanism().getString("OID");
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "_deviceSecOID: ", string);
        }
        String defaultRealm = ContextManagerFactory.getInstance().getDefaultRealm(string);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getJobMgrSecurityRealm", defaultRealm);
        }
        return defaultRealm;
    }

    static {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "SOURCE CODE INFO: SERV1/ws/code/admin.system/src/com/ibm/ws/management/system/smgr/util/JobMgrSecurityHelper.java, WAS.admin.flexmgmt, WAS855.SERV1, cf111646.01, ver. 1.8");
        }
    }
}
