package com.ibm.ws.webservices.wssecurity.util;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.WebSphereRuntimePermission;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.webservices.engine.MessageContext;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.security.GeneralSecurityException;
import java.security.Permission;
import java.util.HashMap;
import javax.security.auth.Subject;
import org.omg.Security.InvalidCredentialType;
import org.omg.SecurityLevel2.InvalidCredential;

/* loaded from: input_file:com/ibm/ws/webservices/wssecurity/util/CORBAHelper.class */
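/**
 * Static helpers that replace the caller and invocation {@link Subject}s held by the
 * {@link ContextManager} while a message is processed, put the previous pair back afterwards,
 * and read the realm security name of the current credential.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #pushCredential} and {@link #popCredential} are public and change the identity
 *       the context manager reports. Nothing in this class checks a permission before doing so.</li>
 *   <li>Entry and debug trace in this class concatenates Subjects and credentials into the trace
 *       text, so trace output for this component contains whatever their {@code toString()}
 *       renders (principals and credential details) and should be handled as sensitive.</li>
 * </ul>
 */
public final class CORBAHelper {
    private static final String FFDC_SOURCE_ID = "com.ibm.ws.webservices.wssecurity.util.CORBAHelper";

    // Subjects that were current before pushCredential replaced them, keyed by the message being
    // processed. Entries are removed only by popCredential: a message that is pushed but never
    // popped keeps its MessageContext and both Subjects reachable from these static maps.
    // All access goes through the synchronized push/pop methods.
    private static final HashMap<MessageContext, Subject> originalCallerSubject = new HashMap<MessageContext, Subject>();
    private static final HashMap<MessageContext, Subject> originalInvocationSubject = new HashMap<MessageContext, Subject>();
    private static final TraceComponent tc = Tr.register((Class<?>) CORBAHelper.class, "Web Services Security", "com.ibm.ws.webservices.wssecurity.resources.was-wssecurity");

    // NOTE(review): this permission is declared but never checked anywhere in this class.
    // Confirm whether pushCredential/popCredential were meant to be guarded by a
    // SecurityManager.checkPermission(MAP_CREDENTIAL) call, or whether callers enforce it.
    private static final Permission MAP_CREDENTIAL = new WebSphereRuntimePermission("wssecurity.mapCredential");

    /**
     * Reports whether cell security is enabled.
     *
     * <p>Unlike the other methods here, this one does not tolerate a {@code null} context
     * manager; that is left unchanged so an unavailable context manager is never reported
     * as "security disabled".
     *
     * @return the context manager's cell-security flag
     */
    public static boolean isSecurityEnabled() {
        return ContextManagerFactory.getInstance().isCellSecurityEnabled();
    }

    /**
     * Makes {@code subject} both the caller and the invocation Subject, remembering the previous
     * pair under {@code messageContext} so {@link #popCredential} can put it back.
     *
     * <p>Does nothing when no context manager is available or cell security is disabled.
     * If the replacement fails part-way, the previous pair is put back (best effort) before the
     * exception is thrown, so a failed push does not leave a half-switched identity behind.
     * A second push for the same {@code messageContext} overwrites the remembered pair.
     *
     * @param subject the Subject to run as
     * @param messageContext key under which the previous Subjects are remembered
     * @throws InvalidCredentialType declared for callers; not thrown by this implementation
     * @throws InvalidCredential if the context manager fails while reading or replacing the Subjects
     */
    public static synchronized void pushCredential(Subject subject, MessageContext messageContext) throws InvalidCredentialType, InvalidCredential {
        if (tc.isEntryEnabled()) {
            // The Subject's string form ends up in the trace text.
            Tr.entry(tc, "pushCredential(" + subject + ", " + messageContext + ")");
        }
        ContextManager contextManager = ContextManagerFactory.getInstance();
        if (contextManager != null && contextManager.isCellSecurityEnabled()) {
            Subject previousInvocation = null;
            Subject previousCaller = null;
            // Set once both previous Subjects are captured and the first setter is about to run;
            // only from that point on is there anything to roll back.
            boolean replacementStarted = false;
            try {
                previousInvocation = contextManager.getInvocationSubject();
                previousCaller = contextManager.getCallerSubject();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Original Caller Subject", previousCaller);
                    Tr.debug(tc, "Original Invocation Subject", previousInvocation);
                    Tr.debug(tc, "Replace Caller and Invocation Subjects with", subject);
                }
                replacementStarted = true;
                contextManager.setInvocationSubject(subject);
                contextManager.setCallerSubject(subject);
                originalInvocationSubject.put(messageContext, previousInvocation);
                originalCallerSubject.put(messageContext, previousCaller);
            } catch (WSSecurityException e) {
                FFDCFilter.processException(e, CORBAHelper.class.getName() + ".pushCredential()", "143");
                traceSubjectFailure(e);
                if (replacementStarted) {
                    // Nothing was recorded in the maps, so popCredential could not undo a partial
                    // switch; undo it here instead.
                    try {
                        restoreSubjects(contextManager, previousCaller, previousInvocation);
                    } catch (WSSecurityException rollbackFailure) {
                        // Probe id is a label for this rollback path, not a line number.
                        FFDCFilter.processException(rollbackFailure, CORBAHelper.class.getName() + ".pushCredential()", "rollback");
                        traceSubjectFailure(rollbackFailure);
                    }
                }
                throw new InvalidCredential();
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "pushCredential()");
        }
    }

    /**
     * Puts back the caller and invocation Subjects that {@link #pushCredential} remembered for
     * {@code messageContext} and forgets them.
     *
     * <p>Does nothing when no context manager is available or cell security is disabled.
     * When nothing was remembered for {@code messageContext}, both Subjects are set to
     * {@code null}; a pop without a matching push therefore clears the current identity.
     *
     * @param messageContext key used in the matching {@code pushCredential} call
     * @throws InvalidCredentialType declared for callers; not thrown by this implementation
     * @throws InvalidCredential if the context manager fails while restoring the Subjects
     */
    public static synchronized void popCredential(MessageContext messageContext) throws InvalidCredentialType, InvalidCredential {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "popCredential(" + messageContext + ")");
        }
        ContextManager contextManager = ContextManagerFactory.getInstance();
        if (contextManager != null && contextManager.isCellSecurityEnabled()) {
            // remove() rather than get(): the saved pair is dropped even if the restore fails.
            Subject savedCaller = originalCallerSubject.remove(messageContext);
            Subject savedInvocation = originalInvocationSubject.remove(messageContext);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Original caller subject", savedCaller);
                Tr.debug(tc, "Original Invocation Subject", savedInvocation);
            }
            try {
                restoreSubjects(contextManager, savedCaller, savedInvocation);
            } catch (WSSecurityException e) {
                // Source id previously named pushCredential(), which misattributed pop failures.
                FFDCFilter.processException(e, CORBAHelper.class.getName() + ".popCredential()", "176");
                traceSubjectFailure(e);
                throw new InvalidCredential();
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "popCredential()");
        }
    }

    /**
     * Returns the realm security name of the invocation credential, falling back to the first
     * caller credential when no invocation credential is available.
     *
     * @return the realm security name, or {@code null} when no context manager or credential is
     *         available or the lookup fails
     */
    public static String getSecurityName() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSecurityName()");
        }
        String securityName = null;
        ContextManager contextManager = ContextManagerFactory.getInstance();
        if (contextManager != null) {
            securityName = resolveSecurityName(contextManager);
        } else if (tc.isDebugEnabled()) {
            // pushCredential/popCredential already tolerate a missing context manager; do the same
            // here instead of failing with a NullPointerException.
            Tr.debug(tc, "ContextManager is not available");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSecurityName() --> " + securityName);
        }
        return securityName;
    }

    /** Sets the caller Subject, then the invocation Subject, on the given context manager. */
    private static void restoreSubjects(ContextManager contextManager, Subject caller, Subject invocation) throws WSSecurityException {
        contextManager.setCallerSubject(caller);
        contextManager.setInvocationSubject(invocation);
    }

    /** Writes the stack trace of a failed Subject get/set to debug trace when it is enabled. */
    private static void traceSubjectFailure(WSSecurityException e) {
        if (tc.isDebugEnabled()) {
            StringWriter stackText = new StringWriter();
            e.printStackTrace(new PrintWriter(stackText));
            Tr.debug(tc, "Exception in set Caller/Invocation Subject" + stackText.toString());
        }
    }

    /** Looks up the realm security name from the invocation credential, else the first caller credential. */
    private static String resolveSecurityName(ContextManager contextManager) {
        String securityName = null;
        WSCredential invocationCredential = null;
        try {
            invocationCredential = contextManager.getInvocationCredential();
            if (tc.isDebugEnabled()) {
                // The credential's string form ends up in the trace text.
                Tr.debug(tc, "Invocation creds = " + (invocationCredential == null ? "null" : invocationCredential.toString()));
            }
        } catch (WSSecurityException e) {
            // Treated like "no invocation credential": the caller-credential fallback below still runs.
            FFDCFilter.processException(e, FFDC_SOURCE_ID, "313");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error in getting security name from credential " + e.toString());
            }
        }
        try {
            if (invocationCredential != null) {
                securityName = invocationCredential.getRealmSecurityName();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Invocation creds securityName = " + securityName);
                }
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Try getting the principal from received creds");
                }
                WSCredential[] callerCredentials = contextManager.getCallerCredentials();
                if (callerCredentials != null && callerCredentials.length != 0) {
                    // Only the first caller credential is consulted.
                    WSCredential receivedCredential = callerCredentials[0];
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Received cred = " + receivedCredential);
                    }
                    if (receivedCredential != null) {
                        securityName = receivedCredential.getRealmSecurityName();
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Received cred securityName = " + securityName);
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Received creds = null");
                }
            }
        } catch (GeneralSecurityException e2) {
            securityName = null;
            FFDCFilter.processException(e2, FFDC_SOURCE_ID, "351");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error in getting security name from credential ", e2);
            }
        }
        return securityName;
    }
}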
