package com.ibm.wsspi.wssecurity.auth.module;

import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.webservices.wssecurity.token.UserRegistryProcessor;
import com.ibm.wsspi.webservices.rpc.handler.soap.SOAPMessageContext;
import com.ibm.wsspi.wssecurity.auth.callback.PropertyCallback;
import com.ibm.wsspi.wssecurity.auth.token.UsernameToken;
import com.ibm.wsspi.wssecurity.token.UsernameTokenConsumer;
import com.ibm.xml.soapsec.Constants;
import com.ibm.xml.soapsec.util.ConfigUtil;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.security.PrivilegedAction;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* loaded from: input_file:com/ibm/wsspi/wssecurity/auth/module/IDAssertionUsernameLoginModule.class */
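/**
 * JAAS {@link LoginModule} that accepts an asserted user name without any
 * password or other proof of possession.
 *
 * <p>{@link #login()} obtains the name through a {@link NameCallback} and, unless
 * the check is disabled, passes it to {@code UserRegistryProcessor.checkUsername}
 * (presumably an existence check against the configured user registry; confirm
 * against that class). {@link #commit()} then publishes a {@link UsernameToken}
 * carrying only the user name in the callback's property map.
 *
 * <p>Security notes for deployers and reviewers:
 * <ul>
 *   <li>Nothing in this class authenticates the caller. The asserted identity is
 *       only as trustworthy as whatever vouched for it before this module ran, so
 *       that trust decision has to be enforced elsewhere in the configuration.</li>
 *   <li>The registry check can be switched off in two places: the module option
 *       {@code ...IDAssertionUsernameLoginModule.disableUserRegistryCheck}
 *       (matched case-insensitively against "true") and the per-message property
 *       {@code UsernameTokenConsumer._DISABLE_REGISTRY_CHECK} (matched
 *       case-sensitively). With the check off, {@code login()} returns
 *       {@code true} for any name, including a null or empty one; only
 *       {@code commit()} still rejects a null or empty name.</li>
 *   <li>User names are written to debug trace.</li>
 * </ul>
 */
public class IDAssertionUsernameLoginModule implements LoginModule {
    private Subject _subject;
    private CallbackHandler _handler;
    private Map _sharedState;
    private Map _options;
    private String _username;
    // Never assigned in this class; kept for layout compatibility and scrubbed in clearState().
    private char[] _password;
    private static final String _DISABLE_REGISTRY_CHECK = "com.ibm.wsspi.wssecurity.auth.module.IDAssertionUsernameLoginModule.disableUserRegistryCheck";
    private static final TraceComponent tc = Tr.register(IDAssertionUsernameLoginModule.class, "Web Services Security", "com.ibm.ws.webservices.wssecurity.resources.was-wssecurity");
    private static final String clsName = IDAssertionUsernameLoginModule.class.getName();
    private String comp = Constants.COMPONENT_NAME;
    private Map _properties = null;
    private SOAPMessageContext _messageContext = null;
    private boolean _isUsernameOnly = false;
    private boolean disableURCheck = false;

    /**
     * Stores the JAAS context and reads the module-level switch that disables
     * the user registry check.
     *
     * @param subject the subject being authenticated (stored, not otherwise used here)
     * @param callbackHandler handler that supplies the asserted name and the property map
     * @param map JAAS shared state (stored, not otherwise used here)
     * @param map2 module options; only the disableUserRegistryCheck key is read
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this._subject = subject;
        this._handler = callbackHandler;
        this._sharedState = map;
        this._options = map2;
        // Fail safe: a missing options map or a non-String value leaves the registry
        // check enabled instead of raising NullPointerException/ClassCastException.
        Object configured = (map2 != null) ? map2.get(_DISABLE_REGISTRY_CHECK) : null;
        if (configured instanceof String) {
            this.disableURCheck = "true".equalsIgnoreCase((String) configured);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "disableURCheck=" + this.disableURCheck);
        }
    }

    /**
     * Collects the asserted user name and, unless disabled, checks it with
     * {@code UserRegistryProcessor.checkUsername}.
     *
     * @return {@code true} when the registry check is disabled or the name passes
     *         it; {@code false} when the check is enabled and the name is null or empty
     * @throws LoginException when the registry check rejects the name or when any
     *         exception occurs while handling the callbacks; every failure is
     *         reported under the {@code BSTokenLoginModule.s01} message key with
     *         the original exception attached as the cause
     */
    @Override
    public boolean login() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "login()");
        }
        // Declared as NameCallback so that getName() resolves; the Callback
        // interface itself has no such method.
        NameCallback nameCallback = new NameCallback("username: ");
        PropertyCallback propertyCallback = new PropertyCallback(null);
        String perMessageDisable = null;
        try {
            this._handler.handle(new Callback[]{nameCallback, propertyCallback});
            this._username = nameCallback.getName();
            this._properties = propertyCallback.getProperties();
            if (this._properties != null) {
                this._messageContext = (SOAPMessageContext) this._properties.get(com.ibm.wsspi.wssecurity.Constants.WSSECURITY_MESSAGE_CONTEXT);
                perMessageDisable = (String) this._properties.get(UsernameTokenConsumer._DISABLE_REGISTRY_CHECK);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "usernameCB [" + nameCallback + "]");
                Tr.debug(tc, "username [" + this._username + "]");
                Tr.debug(tc, "disableURCheck=" + this.disableURCheck + " disableSingleURCheck=" + perMessageDisable);
            }

            boolean succeeded;
            // NOTE(review): the per-message switch is compared case-sensitively while the
            // module option is not. Left as is, because relaxing it would widen the set
            // of values that turn the registry check off.
            if (this.disableURCheck || "true".equals(perMessageDisable)) {
                // No validation of the name happens on this path, not even an
                // emptiness check; commit() still rejects a null or empty name.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Skipping registry check, returning true.");
                }
                succeeded = true;
            } else if (this._username == null || this._username.length() <= 0) {
                succeeded = false;
            } else {
                boolean known = UserRegistryProcessor.checkUsername(this._username);
                if (!known) {
                    throw new LoginException(ConfigUtil.getMessage(this.comp + ".UserRegistryProcessor.s02", new String[]{this._username, "UserRegistryProcessor.checkUsername()=" + known}));
                }
                succeeded = true;
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login()");
            }
            return succeeded;
        } catch (Exception e) {
            // The registry-check LoginException above is wrapped here as well, as before;
            // the cause is now attached so the original stack trace is not lost.
            LoginException wrapped = new LoginException(ConfigUtil.getMessage(this.comp + ".BSTokenLoginModule.s01", new String[]{e.toString()}));
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /**
     * Publishes the asserted identity as a {@link UsernameToken} under
     * {@code WSSECURITY_TOKEN_LOGININFO} in the property map obtained during
     * {@link #login()}.
     *
     * @return {@code true} when a token was built for a non-empty user name
     * @throws LoginException when no user name, or an empty one, was captured
     */
    @Override
    public boolean commit() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "commit()");
        }
        final UsernameToken usernameToken = new UsernameToken(null, null, null);
        if (this._username == null || this._username.length() <= 0) {
            throw new LoginException(ConfigUtil.getMessage(this.comp + ".LoginProcessor.s11"));
        }
        final String assertedName = this._username;
        // Runs under doPrivileged as in the original; presumably the setter needs a
        // permission the caller may lack (confirm against UsernameToken).
        AccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                usernameToken.setUsername(assertedName);
                return null;
            }
        });
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Added Username [" + this._username + "].");
        }
        if (this._properties != null) {
            this._properties.put(com.ibm.wsspi.wssecurity.Constants.WSSECURITY_TOKEN_LOGININFO, usernameToken);
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "WARNING: Can't return username and user password because properties parameter is null.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "commit()");
        }
        return true;
    }

    /**
     * Abandons the login attempt and drops the identity captured by {@link #login()}.
     *
     * @return always {@code true}
     */
    @Override
    public boolean abort() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "abort()");
        }
        clearState();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "abort()");
        }
        return true;
    }

    /**
     * Drops the per-login state held by this module. A token already stored in the
     * caller's property map by {@link #commit()} is left in place.
     *
     * @return always {@code true}
     */
    @Override
    public boolean logout() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "logout()");
        }
        clearState();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "logout()");
        }
        return true;
    }

    /** Forgets the asserted identity so a retained module instance does not keep it. */
    private void clearState() {
        this._username = null;
        if (this._password != null) {
            for (int i = 0; i < this._password.length; i++) {
                this._password[i] = '\0';
            }
            this._password = null;
        }
        this._properties = null;
        this._messageContext = null;
    }
}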
