package com.ibm.ws.security.auth;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.wsspi.security.auth.WSSubjectWrapper;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.Enumeration;
import javax.security.auth.Subject;

/* loaded from: input_file:com/ibm/ws/security/auth/WSSubjectWrapperImpl.class */
public class WSSubjectWrapperImpl implements WSSubjectWrapper {
    private static final TraceComponent tc = Tr.register((Class<?>) WSSubjectWrapperImpl.class, "Security", AdminConstants.MSG_BUNDLE_NAME);
    private Subject _subject;
    private String _uniqueId = null;
    private boolean _isValid = false;
    private long _expiration = -2;
    private String _principal = null;
    private boolean _initialized = false;
    private boolean _isUniqueIdSet = false;

    public WSSubjectWrapperImpl(Subject subject) {
        this._subject = null;
        this._subject = subject;
    }

    @Override // com.ibm.wsspi.security.auth.WSSubjectWrapper
    public Subject getSubject() {
        return this._subject;
    }

    @Override // com.ibm.wsspi.security.token.Token
    public boolean isValid() {
        if (!this._initialized) {
            initialize();
        }
        return this._isValid;
    }

    @Override // com.ibm.wsspi.security.token.Token
    public long getExpiration() {
        if (!this._initialized) {
            initialize();
        }
        return this._expiration;
    }

    @Override // com.ibm.wsspi.security.token.Token
    public boolean isForwardable() {
        return false;
    }

    @Override // com.ibm.wsspi.security.token.Token
    public String getPrincipal() {
        if (!this._initialized) {
            initialize();
        }
        return this._principal;
    }

    @Override // com.ibm.wsspi.security.token.Token
    public byte[] getBytes() {
        return null;
    }

    @Override // com.ibm.wsspi.security.token.Token
    public String getName() {
        return "com.ibm.wsspi.security.auth.WSSubjectWrapper";
    }

    @Override // com.ibm.wsspi.security.token.Token
    public short getVersion() {
        return (short) 1;
    }

    @Override // com.ibm.wsspi.security.token.Token
    public String getUniqueID() {
        if (!this._isUniqueIdSet) {
            try {
                this._uniqueId = ContextManagerFactory.getInstance().getWSCredTokenMapper().createSubjectUniqueID(this._subject);
                if (this._uniqueId == null) {
                    this._uniqueId = SubjectHelper.getWSCredentialFromSubject(this._subject).getAccessId();
                }
                this._isUniqueIdSet = true;
            } catch (Exception e) {
                Manager.Ffdc.log(e, this, "com.ibm.ws.security.auth.WSSubjectWrapperImpl.getUniqueID", "214", new Object[]{this});
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "getUniqueID initialize error: " + dump(e));
                }
            }
        }
        return this._uniqueId;
    }

    @Override // com.ibm.wsspi.security.token.Token
    public void setReadOnly() {
        throw new UnsupportedOperationException();
    }

    @Override // com.ibm.wsspi.security.token.Token
    public String[] getAttributes(String str) {
        throw new UnsupportedOperationException();
    }

    @Override // com.ibm.wsspi.security.token.Token
    public String[] addAttribute(String str, String str2) {
        throw new UnsupportedOperationException();
    }

    @Override // com.ibm.wsspi.security.token.Token
    public Enumeration getAttributeNames() {
        throw new UnsupportedOperationException();
    }

    @Override // com.ibm.wsspi.security.token.Token
    public Object clone() {
        throw new UnsupportedOperationException();
    }

    private void initialize() {
        try {
            WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(this._subject);
            this._principal = wSCredentialFromSubject.getSecurityName();
            if (!wSCredentialFromSubject.isForwardable() || wSCredentialFromSubject.isBasicAuth()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "WSCredential is BasicAuth or not forwardable.");
                }
                this._initialized = true;
                this._isValid = true;
            } else {
                this._expiration = wSCredentialFromSubject.getExpiration();
                this._initialized = true;
                long currentTimeMillis = this._expiration - System.currentTimeMillis();
                if (this._expiration == 0 || this._expiration == -1 || currentTimeMillis >= 0) {
                    this._isValid = true;
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "WSCredential has expired.");
                    }
                    this._isValid = false;
                }
            }
        } catch (Exception e) {
            Manager.Ffdc.log(e, this, "com.ibm.ws.security.auth.WSSubjectWrapperImpl.initialize", "294", new Object[]{this});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "initialize error: " + dump(e));
            }
        }
    }

    private String dump(Throwable th) {
        StringWriter stringWriter = new StringWriter();
        th.printStackTrace(new PrintWriter(stringWriter));
        return stringWriter.toString();
    }
}
