package com.ibm.ws.security.context;

import com.ibm.CSIv2Security.LTPAMechOID;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.AdminContext;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.WebSphereRuntimePermission;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.asynchbeans.ServiceContext;
import com.ibm.ws.drs.utils.DRSConstants;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.auth.WSCredentialImpl;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityConfigManager;
import com.ibm.ws.security.config.SecurityConfigResource;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.config.ServerStatusHelper;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.token.AuthenticationTokenImpl;
import com.ibm.ws.security.token.AuthorizationTokenImpl;
import com.ibm.ws.security.token.SingleSignonTokenImpl;
import com.ibm.ws.security.token.WSCredentialTokenMapperInterface;
import com.ibm.ws.security.util.SyncToOSThreadHelper;
import com.ibm.wsspi.security.context.Context;
import com.ibm.wsspi.security.context.Domain;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import com.ibm.wsspi.security.token.AuthenticationToken;
import com.ibm.wsspi.security.token.SingleSignonToken;
import com.ibm.wsspi.security.token.TokenHolder;
import com.ibm.wsspi.security.token.WSOpaqueTokenHelper;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import java.util.Set;
import java.util.Stack;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/ibm/ws/security/context/ContextImpl.class */
public class ContextImpl implements Serializable, Context, ServiceContext {
    private static final long serialVersionUID = 1;
    private static final int VERSION_1 = 1;
    private static final int VERSION_2 = 2;
    private static final int CURRENT_VERSION = 2;
    public static final String DESERIALIZE_ASYNCH_CONTEXT = "system.DESERIALIZE_ASYNCH_CONTEXT";
    private int version;
    private boolean isCallerSame;
    private byte[] runAsSubjToken;
    private byte[] runAsLoginToken;
    private byte[] callerSubjToken;
    private byte[] callerLoginToken;
    private Domain domain;
    private transient Subject runAsSubj;
    private transient Subject callerSubj;
    private transient Map propagationTokens;
    private transient Stack contextStack;
    private transient Stack<Object> syncStack;
    private transient PrivilegedExceptionAction privGetRunAsSubject;
    private transient PrivilegedExceptionAction privGetCallerSubject;
    private static final TraceComponent log = Tr.register((Class<?>) ContextImpl.class, "Security", AdminConstants.MSG_BUNDLE_NAME);
    private static final SecurityManager sm = System.getSecurityManager();
    private static final WSOpaqueTokenHelper tkHelper = WSOpaqueTokenHelper.getInstance();
    private static Object syncCallerObject = new Object();
    private static Object syncRunAsObject = new Object();
    private static Object syncDeserializeSubjectObject = new Object();
    private static final SyncToOSThreadHelper syncHelper = new SyncToOSThreadHelper();
    public static final WebSphereRuntimePermission PERM_SET = new WebSphereRuntimePermission("setSecurityContext");
    public static final WebSphereRuntimePermission PERM_RESTORE = new WebSphereRuntimePermission("restoreSecurityContext");
    public static final WebSphereRuntimePermission PERM_RUN_WITH = new WebSphereRuntimePermission("runWithSecurityContext");
    public static final WebSphereRuntimePermission PERM_MODIFY_CONTEXT = new WebSphereRuntimePermission("modifySecurityContext");
    public static final WebSphereRuntimePermission PERM_READ_CONTEXT = new WebSphereRuntimePermission("readSecurityContext");

    public ContextImpl(boolean z) throws WSSecurityException {
        this.version = 2;
        this.isCallerSame = true;
        this.contextStack = new Stack();
        this.syncStack = new Stack<>();
        this.privGetRunAsSubject = new PrivilegedExceptionAction() { // from class: com.ibm.ws.security.context.ContextImpl.1
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                return ContextManagerFactory.getInstance().getInvocationSubject();
            }
        };
        this.privGetCallerSubject = new PrivilegedExceptionAction() { // from class: com.ibm.ws.security.context.ContextImpl.2
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                return ContextManagerFactory.getInstance().getCallerSubject();
            }
        };
        if (log.isEntryEnabled()) {
            Tr.entry(log, "ContextImpl(boolean)", "Create context for unauthenticated Subject? " + z);
        }
        try {
            retrieveAndSaveCurrentSubjects(z);
            this.propagationTokens = ContextManagerFactory.getInstance().getPropagationTokens();
            SecurityConfigManager securityConfigManager = SecurityObjectLocator.getSecurityConfigManager();
            this.domain = new Domain();
            if (securityConfigManager.isAdminAgent()) {
                this.domain.setProfileId(AdminContext.peek());
            } else {
                SecurityConfigResource peekContext = SecurityObjectLocator.peekContext();
                if (peekContext != null) {
                    this.domain.setApplicationName(peekContext.getName());
                    this.domain.setApplicationType(peekContext.getType());
                } else {
                    this.domain.setApplicationName("");
                    this.domain.setApplicationType("admin");
                }
            }
            if (log.isEntryEnabled()) {
                Tr.exit(log, "ContextImpl");
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "ContextImpl", "273", this);
            WSSecurityException wSSecurityException = new WSSecurityException("Unable to retrieve current Subjects");
            wSSecurityException.initCause(e);
            throw wSSecurityException;
        }
    }

    public ContextImpl() throws WSSecurityException {
        this(false);
    }

    @Override // com.ibm.wsspi.security.context.Context
    public Object runWith(PrivilegedExceptionAction privilegedExceptionAction) throws WSSecurityException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "runWith", privilegedExceptionAction);
        }
        if (privilegedExceptionAction == null) {
            if (log.isDebugEnabled()) {
                Tr.debug(log, "runWith", "PrivilegedExceptionAction must not be null.");
            }
            throw new WSSecurityException("PrivilegedExceptionAction must not be null.");
        }
        if (sm != null) {
            sm.checkPermission(PERM_RUN_WITH);
        }
        ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
        Subject pushInvocationSubject = contextManagerFactory.pushInvocationSubject(this.runAsSubj);
        Subject pushReceivedSubject = contextManagerFactory.pushReceivedSubject(this.callerSubj);
        if (log.isDebugEnabled()) {
            Tr.debug(log, "runWith", "Context has been pushed on the running thread.");
        }
        Object obj = null;
        Exception exc = null;
        boolean z = false;
        SecurityConfigManager securityConfigManager = SecurityObjectLocator.getSecurityConfigManager();
        try {
            try {
                if (this.domain != null) {
                    z = securityConfigManager.isAdminAgent() ? AdminContext.push(this.domain.getProfileId()) : SecurityObjectLocator.pushContext(this.domain.getApplicationName(), this.domain.getApplicationType());
                    if (log.isDebugEnabled()) {
                        Tr.debug(log, "runWith Domain has been pushed on the running thread.");
                    }
                } else if (log.isDebugEnabled()) {
                    Tr.debug(log, "runWith Domain is null, no domain pushed");
                }
                obj = privilegedExceptionAction.run();
                if (log.isDebugEnabled()) {
                    Tr.debug(log, "runWith", "action.run() completed with no errors.");
                }
                if (z) {
                    if (securityConfigManager.isAdminAgent()) {
                        AdminContext.pop();
                    } else {
                        SecurityObjectLocator.popContext();
                    }
                }
                if (log.isDebugEnabled()) {
                    Tr.debug(log, "runWith", "Domain has been popped from the running thread.");
                }
                contextManagerFactory.popInvocationSubject(pushInvocationSubject);
                contextManagerFactory.popReceivedSubject(pushReceivedSubject);
                if (log.isDebugEnabled()) {
                    Tr.debug(log, "runWith", "Context has been popped from the running thread.");
                }
                if (0 != 0) {
                    String str = "Exception " + ((Object) null) + " ocurred while running action: " + privilegedExceptionAction;
                    if (log.isDebugEnabled()) {
                        Tr.debug(log, "runWith", str);
                    }
                    WSSecurityException wSSecurityException = new WSSecurityException(str);
                    wSSecurityException.initCause(null);
                    throw wSSecurityException;
                }
            } catch (Exception e) {
                exc = e;
                FFDCFilter.processException(e, "runWith", "369", this);
                if (z) {
                    if (securityConfigManager.isAdminAgent()) {
                        AdminContext.pop();
                    } else {
                        SecurityObjectLocator.popContext();
                    }
                }
                if (log.isDebugEnabled()) {
                    Tr.debug(log, "runWith", "Domain has been popped from the running thread.");
                }
                contextManagerFactory.popInvocationSubject(pushInvocationSubject);
                contextManagerFactory.popReceivedSubject(pushReceivedSubject);
                if (log.isDebugEnabled()) {
                    Tr.debug(log, "runWith", "Context has been popped from the running thread.");
                }
                if (exc != null) {
                    String str2 = "Exception " + exc + " ocurred while running action: " + privilegedExceptionAction;
                    if (log.isDebugEnabled()) {
                        Tr.debug(log, "runWith", str2);
                    }
                    WSSecurityException wSSecurityException2 = new WSSecurityException(str2);
                    wSSecurityException2.initCause(exc);
                    throw wSSecurityException2;
                }
            }
            if (log.isEntryEnabled()) {
                Tr.exit(log, "runWith", obj);
            }
            return obj;
        } catch (Throwable th) {
            if (z) {
                if (securityConfigManager.isAdminAgent()) {
                    AdminContext.pop();
                } else {
                    SecurityObjectLocator.popContext();
                }
            }
            if (log.isDebugEnabled()) {
                Tr.debug(log, "runWith", "Domain has been popped from the running thread.");
            }
            contextManagerFactory.popInvocationSubject(pushInvocationSubject);
            contextManagerFactory.popReceivedSubject(pushReceivedSubject);
            if (log.isDebugEnabled()) {
                Tr.debug(log, "runWith", "Context has been popped from the running thread.");
            }
            if (exc == null) {
                throw th;
            }
            String str3 = "Exception " + exc + " ocurred while running action: " + privilegedExceptionAction;
            if (log.isDebugEnabled()) {
                Tr.debug(log, "runWith", str3);
            }
            WSSecurityException wSSecurityException3 = new WSSecurityException(str3);
            wSSecurityException3.initCause(exc);
            throw wSSecurityException3;
        }
    }

    @Override // com.ibm.wsspi.security.context.Context
    public Object runWithDomain(PrivilegedExceptionAction privilegedExceptionAction) throws WSSecurityException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "runWithDomain", privilegedExceptionAction);
        }
        if (privilegedExceptionAction == null) {
            if (log.isDebugEnabled()) {
                Tr.debug(log, "runWithDomain", "PrivilegedExceptionAction must not be null.");
            }
            throw new WSSecurityException("PrivilegedExceptionAction must not be null.");
        }
        if (sm != null) {
            sm.checkPermission(PERM_RUN_WITH);
        }
        SecurityConfigManager securityConfigManager = SecurityObjectLocator.getSecurityConfigManager();
        boolean z = false;
        Object obj = null;
        Exception exc = null;
        try {
            if (this.domain != null) {
                z = securityConfigManager.isAdminAgent() ? AdminContext.push(this.domain.getProfileId()) : SecurityObjectLocator.pushContext(this.domain.getApplicationName(), this.domain.getApplicationType());
                if (log.isDebugEnabled()) {
                    Tr.debug(log, "runWithDomain", "Domain has been pushed on the running thread.");
                }
            }
            try {
                obj = privilegedExceptionAction.run();
                if (log.isDebugEnabled()) {
                    Tr.debug(log, "runWithDomain", "action.run() completed with no errors.");
                }
            } catch (Exception e) {
                exc = e;
                FFDCFilter.processException(e, "runWithDomain", "459", this);
            }
            if (z) {
                if (securityConfigManager.isAdminAgent()) {
                    AdminContext.pop();
                } else {
                    SecurityObjectLocator.popContext();
                }
            }
            if (log.isDebugEnabled()) {
                Tr.debug(log, "runWithDomain", "Domain has been popped from the running thread.");
            }
            if (exc == null) {
                if (log.isEntryEnabled()) {
                    Tr.exit(log, "runWithDomain", obj);
                }
                return obj;
            }
            String str = "Exception " + exc + " ocurred while running action: " + privilegedExceptionAction;
            if (log.isDebugEnabled()) {
                Tr.debug(log, "runWithDomain", str);
            }
            WSSecurityException wSSecurityException = new WSSecurityException(str);
            wSSecurityException.initCause(exc);
            throw wSSecurityException;
        } catch (Throwable th) {
            if (z) {
                if (securityConfigManager.isAdminAgent()) {
                    AdminContext.pop();
                } else {
                    SecurityObjectLocator.popContext();
                }
            }
            if (log.isDebugEnabled()) {
                Tr.debug(log, "runWithDomain", "Domain has been popped from the running thread.");
            }
            if (0 == 0) {
                throw th;
            }
            String str2 = "Exception " + ((Object) null) + " ocurred while running action: " + privilegedExceptionAction;
            if (log.isDebugEnabled()) {
                Tr.debug(log, "runWithDomain", str2);
            }
            WSSecurityException wSSecurityException2 = new WSSecurityException(str2);
            wSSecurityException2.initCause(null);
            throw wSSecurityException2;
        }
    }

    @Override // com.ibm.wsspi.security.context.Context
    public void restoreContext() throws WSSecurityException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "restoreContext");
        }
        if (this.contextStack.isEmpty()) {
            if (log.isDebugEnabled()) {
                Tr.debug(log, "restoreContext", "setContext() must be invoked before restoreContext().");
            }
            throw new WSSecurityException("setContext() must be invoked before restoreContext().");
        }
        if (sm != null) {
            sm.checkPermission(PERM_RESTORE);
        }
        handleSyncToOSThread(syncHelper, this.syncStack, false);
        ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
        contextManagerFactory.popReceivedSubject((Subject) this.contextStack.pop());
        contextManagerFactory.popInvocationSubject((Subject) this.contextStack.pop());
        if (log.isEntryEnabled()) {
            Tr.exit(log, "restoreContext");
        }
    }

    @Override // com.ibm.wsspi.security.context.Context
    public void setContext() throws WSSecurityException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "setContext");
        }
        if (sm != null) {
            sm.checkPermission(PERM_SET);
        }
        ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
        this.contextStack.push(contextManagerFactory.pushInvocationSubject(this.runAsSubj));
        this.contextStack.push(contextManagerFactory.pushReceivedSubject(this.callerSubj));
        handleSyncToOSThread(syncHelper, this.syncStack, true);
        if (log.isEntryEnabled()) {
            Tr.exit(log, "setContext");
        }
    }

    protected void handleSyncToOSThread(SyncToOSThreadHelper syncToOSThreadHelper, Stack<Object> stack, boolean z) {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "handleSyncToOSThread", new Object[]{"localSyncHelper=" + syncToOSThreadHelper, "localSyncStack=" + stack, "set=" + z});
        }
        if (syncHelper.isCurrentComponentAppSyncEnabled()) {
            if (log.isDebugEnabled()) {
                Tr.debug(log, "syncHelper.isCurrentComponentAppSyncEnabled is true");
            }
            Boolean bool = null;
            Object obj = null;
            if (z) {
                Boolean valueOf = Boolean.valueOf(syncHelper.isThreadLocalApplicationSyncEnabled());
                try {
                    obj = syncHelper.setAppSyncToThread(this.runAsSubj);
                    syncHelper.setThreadLocalApplicationSyncEnabled(true);
                } catch (Exception e) {
                    FFDCFilter.processException(e, "handleSyncToOSThread", "569", this);
                    Tr.debug(log, "Took exception establishing syncToOSThread: " + e.getMessage());
                }
                this.syncStack.push(valueOf);
                this.syncStack.push(obj);
            } else {
                try {
                    Object pop = this.syncStack.pop();
                    bool = (Boolean) this.syncStack.pop();
                    if (pop != null) {
                        syncHelper.restoreAppSyncToThread(pop);
                    }
                } catch (Exception e2) {
                    FFDCFilter.processException(e2, "handleSyncToOSThread", "582", this);
                    Tr.debug(log, "Took exception restoring syncToOSThread: " + e2.getMessage());
                }
                if (bool != null) {
                    syncHelper.setThreadLocalApplicationSyncEnabled(bool.booleanValue());
                }
            }
        }
        if (log.isEntryEnabled()) {
            Tr.exit(log, "handleSyncToOSThread");
        }
    }

    @Override // com.ibm.wsspi.security.context.Context
    public Subject getCallerSubject() {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "getCallerSubject");
        }
        if (sm != null) {
            sm.checkPermission(PERM_READ_CONTEXT);
        }
        if (log.isEntryEnabled()) {
            Tr.exit(log, "getCallerSubject", this.callerSubj);
        }
        return this.callerSubj;
    }

    @Override // com.ibm.wsspi.security.context.Context
    public Subject getRunAsSubject() {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "getRunAsSubject");
        }
        if (sm != null) {
            sm.checkPermission(PERM_READ_CONTEXT);
        }
        if (log.isEntryEnabled()) {
            Tr.exit(log, "getRunAsSubject", this.runAsSubj);
        }
        return this.runAsSubj;
    }

    @Override // com.ibm.wsspi.security.context.Context
    public void setCallerSubject(Subject subject) throws WSSecurityException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "setCallerSubject", subject);
        }
        if (sm != null) {
            sm.checkPermission(PERM_MODIFY_CONTEXT);
        }
        this.callerSubj = subject;
        this.isCallerSame = this.callerSubj == this.runAsSubj;
        if (log.isEntryEnabled()) {
            Tr.exit(log, "setCallerSubject", this.callerSubj);
        }
    }

    @Override // com.ibm.wsspi.security.context.Context
    public void setRunAsSubject(Subject subject) throws WSSecurityException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "setRunAsSubject", subject);
        }
        if (sm != null) {
            sm.checkPermission(PERM_MODIFY_CONTEXT);
        }
        this.runAsSubj = subject;
        this.isCallerSame = this.callerSubj == this.runAsSubj;
        if (log.isEntryEnabled()) {
            Tr.exit(log, "setRunAsSubject", this.runAsSubj);
        }
    }

    @Override // com.ibm.wsspi.security.context.Context
    public Map getPropagationTokens() throws WSSecurityException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "getPropagationTokens");
        }
        if (sm != null) {
            sm.checkPermission(PERM_READ_CONTEXT);
        }
        if (log.isEntryEnabled()) {
            Tr.exit(log, "getPropagationTokens");
        }
        return this.propagationTokens;
    }

    @Override // com.ibm.wsspi.security.context.Context
    public void setPropagationTokens(Map map) throws WSSecurityException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "setPropagationTokens", map);
        }
        if (sm != null) {
            sm.checkPermission(PERM_MODIFY_CONTEXT);
        }
        this.propagationTokens = map;
        if (log.isEntryEnabled()) {
            Tr.exit(log, "setPropagationTokens");
        }
    }

    @Override // com.ibm.wsspi.security.context.Context
    public Domain getDomain() {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "getDomain");
        }
        if (sm != null) {
            sm.checkPermission(PERM_READ_CONTEXT);
        }
        if (log.isEntryEnabled()) {
            Tr.exit(log, "getDomain", this.domain);
        }
        return this.domain;
    }

    @Override // com.ibm.wsspi.security.context.Context
    public void setDomain(Domain domain) throws WSSecurityException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "setDomain", domain);
        }
        if (sm != null) {
            sm.checkPermission(PERM_MODIFY_CONTEXT);
        }
        this.domain = domain;
        if (log.isEntryEnabled()) {
            Tr.exit(log, "setDomain");
        }
    }

    private boolean isCallerSame() {
        return this.isCallerSame;
    }

    private void retrieveAndSaveCurrentSubjects(boolean z) throws PrivilegedActionException, WSSecurityException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "retrieveAndSaveCurrentSubjects", "Use unauthenticated Subject? " + z);
        }
        if (z) {
            Subject createUnauthenticatedSubject = ContextManagerFactory.getInstance().createUnauthenticatedSubject();
            this.runAsSubj = createUnauthenticatedSubject;
            this.isCallerSame = this.callerSubj == this.runAsSubj;
            this.callerSubj = createUnauthenticatedSubject;
            this.isCallerSame = this.callerSubj == this.runAsSubj;
        } else {
            this.runAsSubj = (Subject) AccessController.doPrivileged(this.privGetRunAsSubject);
            this.isCallerSame = this.callerSubj == this.runAsSubj;
            this.callerSubj = (Subject) AccessController.doPrivileged(this.privGetCallerSubject);
            this.isCallerSame = this.callerSubj == this.runAsSubj;
        }
        if (log.isEntryEnabled()) {
            Tr.exit(log, "retrieveAndSaveCurrentSubjects");
        }
    }

    void initForTest(int i, String[] strArr, Subject[] subjectArr, byte[][] bArr, byte[][] bArr2) {
        this.version = i;
        this.runAsSubj = subjectArr[0];
        this.callerSubj = subjectArr[1];
        this.runAsSubjToken = bArr[0];
        this.runAsLoginToken = bArr[1];
        this.callerSubjToken = bArr2[0];
        this.callerLoginToken = bArr2[1];
    }

    private Subject doLogin(byte[] bArr, byte[] bArr2, boolean z) throws WSSecurityException {
        Subject privDoLogin;
        if (log.isEntryEnabled()) {
            Tr.entry(log, "doLogin", new Object[]{"Login token=" + bArr, "Subject token=" + bArr2, "newLtpaKeys=" + z});
        }
        ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
        if (bArr == null) {
            if (log.isEntryEnabled()) {
                Tr.exit(log, "doLogin", "Login token is null, returning unauthenticated.");
            }
            return contextManagerFactory.createUnauthenticatedSubject();
        }
        String defaultRealm = contextManagerFactory.getDefaultRealm();
        HashMap hashMap = new HashMap();
        hashMap.put(com.ibm.wsspi.security.context.ContextManager.DESERIALIZE_ASYNCH_LOGIN_RENEW, Boolean.TRUE);
        hashMap.put(com.ibm.wsspi.security.context.ContextManager.DESERIALIZE_ASYNCH_LOGIN, Boolean.TRUE);
        try {
            try {
                String accessIdAndCacheTokenHolderList = getAccessIdAndCacheTokenHolderList(bArr2, z);
                if (!z) {
                    if (log.isDebugEnabled()) {
                        Tr.debug(log, "doing login with token");
                    }
                    privDoLogin = contextManagerFactory.login(defaultRealm, bArr, DESERIALIZE_ASYNCH_CONTEXT, (HttpServletRequest) null, (HttpServletResponse) null, hashMap);
                    contextManagerFactory.getWSCredTokenMapper().processSSOTokenAttrsFromWSCredHashtable(null, SubjectHelper.getWSCredentialFromSubject(privDoLogin));
                } else {
                    if (accessIdAndCacheTokenHolderList == null || accessIdAndCacheTokenHolderList.length() <= 0) {
                        throw new WSLoginFailedException("New LTPA keys but no accessId found in authz token");
                    }
                    if (log.isDebugEnabled()) {
                        Tr.debug(log, "doing login with accessId of " + accessIdAndCacheTokenHolderList);
                    }
                    privDoLogin = privDoLogin(defaultRealm, accessIdAndCacheTokenHolderList, DESERIALIZE_ASYNCH_CONTEXT, null, null, hashMap);
                }
                if (log.isEntryEnabled()) {
                    Tr.exit(log, "doLogin");
                }
                return privDoLogin;
            } catch (WSLoginFailedException e) {
                FFDCFilter.processException(e, "doLogin", "813", this);
                WSSecurityException wSSecurityException = new WSSecurityException(e.getMessage());
                wSSecurityException.initCause(e);
                throw wSSecurityException;
            } catch (PrivilegedActionException e2) {
                Tr.debug(log, "PrivilegedActionException caught in doLogin, message is " + e2.getMessage());
                FFDCFilter.processException(e2, "doLogin", "808", this);
                WSSecurityException wSSecurityException2 = new WSSecurityException(e2.getMessage());
                wSSecurityException2.initCause(e2);
                throw wSSecurityException2;
            }
        } finally {
            removeTokenHolderListFromCache();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public byte[] createSubjectToken(Subject subject) throws WSLoginFailedException, WSSecurityException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "createSubjectToken", "Subject is null? " + (subject == null));
        }
        byte[] bArr = null;
        if (subject != null) {
            SingleSignonToken defaultSSOTokenFromSubject = SubjectHelper.getDefaultSSOTokenFromSubject(subject);
            WSCredentialImpl wSCredentialImpl = (WSCredentialImpl) SubjectHelper.getWSCredentialFromSubject(subject);
            Hashtable copySSOAttrsToWSCredHashtable = copySSOAttrsToWSCredHashtable(defaultSSOTokenFromSubject, wSCredentialImpl);
            ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
            Map propagationTokens = contextManagerFactory.getPropagationTokens();
            contextManagerFactory.setPropagationTokens(this.propagationTokens);
            try {
                bArr = tkHelper.createOpaqueTokenFromSubject(subject);
                contextManagerFactory.setPropagationTokens(propagationTokens);
                if (copySSOAttrsToWSCredHashtable != null) {
                    wSCredentialImpl.setTable(copySSOAttrsToWSCredHashtable);
                }
            } catch (Throwable th) {
                contextManagerFactory.setPropagationTokens(propagationTokens);
                if (copySSOAttrsToWSCredHashtable != null) {
                    wSCredentialImpl.setTable(copySSOAttrsToWSCredHashtable);
                }
                throw th;
            }
        }
        if (log.isEntryEnabled()) {
            Tr.exit(log, "createSubjectToken", "Token created is null? " + (bArr == null));
        }
        return bArr;
    }

    private String getAccessIdAndCacheTokenHolderList(byte[] bArr, boolean z) throws WSSecurityException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "getAccessIdAndCacheTokenHolderList", new Object[]{bArr, Boolean.valueOf(z)});
        }
        ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
        ArrayList createTokenHolderListFromOpaqueToken = tkHelper.createTokenHolderListFromOpaqueToken(bArr);
        if (log.isDebugEnabled()) {
            Tr.debug(log, "getAccessIdAndCacheTokenHolderList", "tokenList=" + createTokenHolderListFromOpaqueToken);
        }
        String opaqueTokenLookup = tkHelper.getOpaqueTokenLookup();
        String str = null;
        if (z) {
            str = getAccessIdAndRemoveEncryptedTokensFromTokenList(createTokenHolderListFromOpaqueToken);
        }
        contextManagerFactory.put(opaqueTokenLookup, createTokenHolderListFromOpaqueToken);
        if (log.isEntryEnabled()) {
            Tr.exit(log, "getAccessIdAndCacheTokenHolderList", "accessId=" + str);
        }
        return str;
    }

    private void removeTokenHolderListFromCache() {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "removeTokenHolderListFromCache");
        }
        ContextManagerFactory.getInstance().put(tkHelper.getOpaqueTokenLookup(), null);
        if (log.isEntryEnabled()) {
            Tr.exit(log, "removeTokenHolderListFromCache");
        }
    }

    public String toString() {
        return (String) AccessController.doPrivileged(new PrivilegedAction() { // from class: com.ibm.ws.security.context.ContextImpl.3
            @Override // java.security.PrivilegedAction
            public Object run() {
                StringBuffer stringBuffer = new StringBuffer(super.toString());
                stringBuffer.append(", RunAs=" + ContextImpl.this.runAsSubj);
                stringBuffer.append(", Caller=" + ContextImpl.this.callerSubj);
                return stringBuffer.toString();
            }
        });
    }

    long getExpirationCushion(SecurityConfig securityConfig) {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "getExpirationCushion", "SecurityConfig = " + securityConfig);
        }
        long j = 60000;
        try {
            if (securityConfig != null) {
                try {
                    long longValue = Long.valueOf(securityConfig.getProperty(SecurityConfig.CACHE_CUSHION_MAX)).longValue() * DRSConstants.DRS_SOLICIT_INITIAL_DELAY_MS;
                    long longValue2 = Long.valueOf(securityConfig.getProperty(SecurityConfig.CACHE_CUSHION_TIME)).longValue() * DRSConstants.DRS_SOLICIT_INITIAL_DELAY_MS;
                    if (longValue2 > longValue) {
                        j = longValue;
                    } else if (longValue2 > 0) {
                        j = longValue2;
                    }
                } catch (NumberFormatException e) {
                    if (log.isDebugEnabled()) {
                        Tr.debug(log, "NumberFormatException Unable to get security configuration, default value will be used.");
                    }
                }
            } else if (log.isDebugEnabled()) {
                Tr.debug(log, "Unable to get security configuration, default value will be used.");
            }
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "getExpirationCushion", "945", this);
            if (log.isDebugEnabled()) {
                Tr.debug(log, "Exception " + e2 + " ignored, default value will be used.");
            }
        }
        if (log.isEntryEnabled()) {
            Tr.exit(log, "getExpirationCushion", "Expiration cushion value = " + j);
        }
        return j;
    }

    private byte[] privCreateSubjectToken(final Subject subject) throws WSLoginFailedException, WSSecurityException, PrivilegedActionException {
        return (byte[]) AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ws.security.context.ContextImpl.4
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                return ContextImpl.this.createSubjectToken(subject);
            }
        });
    }

    private AuthenticationToken privCreateAuthTokenFromWSCredential(final WSCredential wSCredential, final WSCredentialTokenMapperInterface wSCredentialTokenMapperInterface) throws WSLoginFailedException, PrivilegedActionException {
        return (AuthenticationToken) AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ws.security.context.ContextImpl.5
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                return wSCredentialTokenMapperInterface.createAuthTokenFromWSCredential(wSCredential);
            }
        });
    }

    private Subject privDoLogin(final String str, final String str2, final String str3, final HttpServletRequest httpServletRequest, final HttpServletResponse httpServletResponse, final Map map) throws WSLoginFailedException, PrivilegedActionException {
        return (Subject) AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ws.security.context.ContextImpl.6
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                return ContextManagerFactory.getInstance().login(str, str2, str3, httpServletRequest, httpServletResponse, map);
            }
        });
    }

    private void writeObject(ObjectOutputStream objectOutputStream) throws IOException, Exception {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "writeObject", objectOutputStream);
        }
        if (!ServerStatusHelper.isServer()) {
            if (log.isEntryEnabled()) {
                Tr.exit(log, "writeObject - context serialization is not currently supported on clients, returning");
                return;
            }
            return;
        }
        if (log.isDebugEnabled()) {
            Tr.debug(log, "dumping attributes for runAs subject before writing");
            dumpTokenAttributes(this.runAsSubj);
            if (isCallerSame()) {
                Tr.debug(log, "caller is same as runAs, no need to dump attributes");
            } else {
                Tr.debug(log, "dumping attributes for caller subject before writing");
                dumpTokenAttributes(this.callerSubj);
            }
        }
        try {
            WSCredentialTokenMapperInterface wSCredTokenMapper = ContextManagerFactory.getInstance().getWSCredTokenMapper();
            SecurityConfig securityConfig = null;
            if (SecurityObjectLocator.getSecurityConfigManager().isWASServer()) {
                securityConfig = SecurityObjectLocator.getSecurityConfig();
            }
            AuthenticationToken authenticationToken = null;
            if (this.runAsSubj != null) {
                synchronized (syncRunAsObject) {
                    boolean checkCushionValidityOfAllTokens = securityConfig == null ? wSCredTokenMapper.checkCushionValidityOfAllTokens(this.runAsSubj, DRSConstants.DRS_SOLICIT_INITIAL_DELAY_MS, true) : wSCredTokenMapper.checkCushionValidityOfAllTokens(this.runAsSubj, getExpirationCushion(securityConfig), true);
                    if (log.isDebugEnabled()) {
                        Tr.debug(log, "checkCushionValidityOfAllTokens = " + checkCushionValidityOfAllTokens);
                    }
                    WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(this.runAsSubj);
                    if (wSCredentialFromSubject != null && !wSCredentialFromSubject.isUnauthenticated()) {
                        this.runAsSubjToken = privCreateSubjectToken(this.runAsSubj);
                        authenticationToken = privCreateAuthTokenFromWSCredential(wSCredentialFromSubject, wSCredTokenMapper);
                    }
                    this.runAsLoginToken = authenticationToken != null ? authenticationToken.getBytes() : null;
                }
            }
            if (isCallerSame()) {
                this.callerSubjToken = this.runAsSubjToken;
                this.callerLoginToken = this.runAsLoginToken;
            } else {
                AuthenticationToken authenticationToken2 = null;
                synchronized (syncCallerObject) {
                    boolean checkCushionValidityOfAllTokens2 = securityConfig == null ? wSCredTokenMapper.checkCushionValidityOfAllTokens(this.callerSubj, DRSConstants.DRS_SOLICIT_INITIAL_DELAY_MS, true) : wSCredTokenMapper.checkCushionValidityOfAllTokens(this.callerSubj, getExpirationCushion(securityConfig), true);
                    if (log.isDebugEnabled()) {
                        Tr.debug(log, "checkCushionValidityOfAllTokens = " + checkCushionValidityOfAllTokens2);
                    }
                    WSCredential wSCredentialFromSubject2 = SubjectHelper.getWSCredentialFromSubject(this.callerSubj);
                    if (wSCredentialFromSubject2 != null && !wSCredentialFromSubject2.isUnauthenticated()) {
                        this.callerSubjToken = privCreateSubjectToken(this.callerSubj);
                        authenticationToken2 = privCreateAuthTokenFromWSCredential(wSCredentialFromSubject2, wSCredTokenMapper);
                    }
                    this.callerLoginToken = authenticationToken2 != null ? authenticationToken2.getBytes() : null;
                }
            }
        } catch (WSSecurityException e) {
            FFDCFilter.processException(e, "writeObject", "1113", this);
            if (log.isDebugEnabled()) {
                Tr.debug(log, "writeObject", e);
            }
        } catch (WSLoginFailedException e2) {
            FFDCFilter.processException(e2, "writeObject", "1108", this);
            if (log.isDebugEnabled()) {
                Tr.debug(log, "writeObject", e2);
            }
        } catch (PrivilegedActionException e3) {
            Throwable cause = e3.getCause();
            if (((cause instanceof WSLoginFailedException) || (cause instanceof WSSecurityException)) && log.isDebugEnabled()) {
                Tr.debug(log, "writeObject: swallowing doPriv login failure");
            }
        }
        ObjectOutputStream.PutField putFields = objectOutputStream.putFields();
        if (log.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("Serializing Context version: " + this.version + ", serialVersionUID=1");
            stringBuffer.append(", isCallerSame=" + this.isCallerSame);
            stringBuffer.append(", runAsSubjToken=" + this.runAsSubjToken + ", runAsLoginToken=" + this.runAsLoginToken);
            stringBuffer.append(", callerSubjToken=" + this.callerSubjToken + ", callerLoginToken=" + this.callerLoginToken);
            Tr.debug(log, "writeObject", stringBuffer.toString());
        }
        putFields.put("version", this.version);
        putFields.put("isCallerSame", this.isCallerSame);
        putFields.put("runAsSubjToken", this.runAsSubjToken);
        putFields.put("runAsLoginToken", this.runAsLoginToken);
        if (!this.isCallerSame) {
            putFields.put("callerSubjToken", this.callerSubjToken);
            putFields.put("callerLoginToken", this.callerLoginToken);
        }
        if (this.version == 2) {
            putFields.put("domain", this.domain);
        }
        objectOutputStream.writeFields();
        if (log.isEntryEnabled()) {
            Tr.exit(log, "writeObject", this);
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:16:0x0046. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:23:0x0112 A[Catch: all -> 0x024f, TryCatch #2 {, blocks: (B:15:0x0032, B:16:0x0046, B:17:0x0060, B:19:0x0069, B:20:0x0092, B:21:0x0100, B:23:0x0112, B:25:0x011b, B:26:0x0124, B:28:0x012f, B:29:0x01fa, B:31:0x0203, B:33:0x021b, B:34:0x022f, B:35:0x0237, B:37:0x0240, B:39:0x024b, B:44:0x0139, B:46:0x0146, B:48:0x015c, B:49:0x0177, B:53:0x0188, B:55:0x0194, B:56:0x019b, B:58:0x01b0, B:59:0x01ce, B:60:0x01f9, B:62:0x009e, B:65:0x00d6, B:66:0x00ff), top: B:14:0x0032, inners: #0, #1 }] */
    /* JADX WARN: Removed duplicated region for block: B:31:0x0203 A[Catch: all -> 0x024f, TryCatch #2 {, blocks: (B:15:0x0032, B:16:0x0046, B:17:0x0060, B:19:0x0069, B:20:0x0092, B:21:0x0100, B:23:0x0112, B:25:0x011b, B:26:0x0124, B:28:0x012f, B:29:0x01fa, B:31:0x0203, B:33:0x021b, B:34:0x022f, B:35:0x0237, B:37:0x0240, B:39:0x024b, B:44:0x0139, B:46:0x0146, B:48:0x015c, B:49:0x0177, B:53:0x0188, B:55:0x0194, B:56:0x019b, B:58:0x01b0, B:59:0x01ce, B:60:0x01f9, B:62:0x009e, B:65:0x00d6, B:66:0x00ff), top: B:14:0x0032, inners: #0, #1 }] */
    /* JADX WARN: Removed duplicated region for block: B:37:0x0240 A[Catch: all -> 0x024f, TryCatch #2 {, blocks: (B:15:0x0032, B:16:0x0046, B:17:0x0060, B:19:0x0069, B:20:0x0092, B:21:0x0100, B:23:0x0112, B:25:0x011b, B:26:0x0124, B:28:0x012f, B:29:0x01fa, B:31:0x0203, B:33:0x021b, B:34:0x022f, B:35:0x0237, B:37:0x0240, B:39:0x024b, B:44:0x0139, B:46:0x0146, B:48:0x015c, B:49:0x0177, B:53:0x0188, B:55:0x0194, B:56:0x019b, B:58:0x01b0, B:59:0x01ce, B:60:0x01f9, B:62:0x009e, B:65:0x00d6, B:66:0x00ff), top: B:14:0x0032, inners: #0, #1 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void readObject(java.io.ObjectInputStream r7) throws java.io.IOException, java.lang.ClassNotFoundException {
        /*
            Method dump skipped, instructions count: 599
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.context.ContextImpl.readObject(java.io.ObjectInputStream):void");
    }

    private void deserializeSubjects(boolean z) throws WSSecurityException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "deserializeSubjects newLtpaKeys=" + z);
        }
        ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
        Map propagationTokens = contextManagerFactory.getPropagationTokens();
        try {
            contextManagerFactory.setPropagationTokens(null);
            if (log.isDebugEnabled()) {
                Tr.debug(log, "deserializeSubjects", "Propagation Tokens before login: " + propagationTokens);
            }
            Subject doLogin = doLogin(this.runAsLoginToken, this.runAsSubjToken, z);
            if (isCallerSame()) {
                if (log.isDebugEnabled()) {
                    Tr.debug(log, "deserializeSubjects", "callerSubject is same as runAsSubject, no need to perform login for callerSubject.");
                }
                setRunAsSubject(doLogin);
                setCallerSubject(doLogin);
                setPropagationTokens(contextManagerFactory.getPropagationTokens());
            } else {
                if (log.isDebugEnabled()) {
                    Tr.debug(log, "deserializeSubjects", "callerSubject is not same as runAsSubject, must perform login to get callerSubject.");
                }
                setRunAsSubject(doLogin);
                contextManagerFactory.setPropagationTokens(null);
                setCallerSubject(doLogin(this.callerLoginToken, this.callerSubjToken, z));
                setPropagationTokens(contextManagerFactory.getPropagationTokens());
            }
            if (log.isEntryEnabled()) {
                Tr.exit(log, "deserializeSubjects", "Subjects have been successfully deserialized.");
            }
        } finally {
            contextManagerFactory.setPropagationTokens(propagationTokens);
        }
    }

    private void readState(ObjectInputStream.GetField getField, int i) throws IOException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "readState");
        }
        this.isCallerSame = getField.get("isCallerSame", true);
        this.runAsSubjToken = (byte[]) getField.get("runAsSubjToken", (Object) null);
        this.runAsLoginToken = (byte[]) getField.get("runAsLoginToken", (Object) null);
        if (!this.isCallerSame) {
            this.callerSubjToken = (byte[]) getField.get("callerSubjToken", (Object) null);
            this.callerLoginToken = (byte[]) getField.get("callerLoginToken", (Object) null);
        }
        if (log.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("Deserialized Context version: " + i + ", serialVersionUID=1");
            stringBuffer.append(", isCallerSame=" + this.isCallerSame);
            stringBuffer.append(", runAsSubjToken=" + this.runAsSubjToken + ", runAsLoginToken=" + this.runAsLoginToken);
            stringBuffer.append(", callerSubjToken=" + this.callerSubjToken + ", callerLoginToken=" + this.callerLoginToken);
            Tr.debug(log, "readState", stringBuffer.toString());
        }
        if (i == 2) {
            this.domain = (Domain) getField.get("domain", (Object) null);
        }
        if (log.isEntryEnabled()) {
            Tr.exit(log, "readState", "Context state has been successfully deserialized.");
        }
    }

    protected void handleNewLtpaKeys() throws IOException {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "handleNewLtpaKeys");
        }
        try {
            deserializeSubjects(true);
            if (log.isEntryEnabled()) {
                Tr.exit(log, "handleNewLtpaKeys");
            }
        } catch (WSSecurityException e) {
            FFDCFilter.processException(e, "handleNewLtpaKeys", "1341", this);
            if (log.isDebugEnabled()) {
                Tr.debug(log, "handleNewLtpaKeys", "Unable to deserialize the Subjects in this Context, cause: " + e);
            }
            IOException iOException = new IOException("Unable to deserialize the Subjects in this Context, cause: " + e.getMessage());
            iOException.initCause(e);
            throw iOException;
        }
    }

    protected String getAccessIdAndRemoveEncryptedTokensFromTokenList(ArrayList arrayList) {
        if (log.isEntryEnabled()) {
            Tr.entry(log, "getAccessIdAndRemoveEncryptedTokensFromTokenList", arrayList);
        }
        String str = null;
        int i = -1;
        int i2 = -1;
        int i3 = -1;
        if (arrayList != null) {
            try {
                if (log.isDebugEnabled()) {
                    Tr.debug(log, "tokenList not null - size is " + arrayList.size());
                }
                for (int i4 = 0; i4 < arrayList.size(); i4++) {
                    TokenHolder tokenHolder = (TokenHolder) arrayList.get(i4);
                    if (tokenHolder != null) {
                        String name = tokenHolder.getName();
                        if (log.isDebugEnabled()) {
                            Tr.debug(log, "tokenName is " + name);
                        }
                        if ("LtpaToken".equals(name)) {
                            i = i4;
                            if (log.isDebugEnabled()) {
                                Tr.debug(log, "SSO token found at position " + i4);
                            }
                        } else if (LTPAMechOID.value.equals(name)) {
                            i3 = i4;
                            if (log.isDebugEnabled()) {
                                Tr.debug(log, "AUTHN token found at position " + i4);
                            }
                        } else if (AttributeNameConstants.WSAUTHZTOKEN_NAME.equals(name)) {
                            AuthorizationTokenImpl authorizationTokenImpl = new AuthorizationTokenImpl();
                            authorizationTokenImpl.initializeToken(tokenHolder.getBytes(), true);
                            String[] attributes = authorizationTokenImpl.getAttributes(AttributeNameConstants.WSCREDENTIAL_UNIQUEID);
                            if (attributes == null || attributes.length <= 0) {
                                Tr.debug(log, "accessIdArray from authzToken is null or length zero so we cannot set accessId");
                            } else {
                                str = attributes[0];
                                Tr.debug(log, "set accessId from authzToken to " + str);
                            }
                            i2 = i4;
                        }
                        if (((i >= 0) & (i3 >= 0)) && i2 >= 0) {
                            break;
                        }
                    }
                }
                int max = Math.max(i, i3);
                if (max >= 0) {
                    arrayList.remove(max);
                    if (log.isDebugEnabled()) {
                        Tr.debug(log, "removed token from highIndex " + max);
                    }
                    int min = Math.min(i, i3);
                    if (min >= 0) {
                        arrayList.remove(min);
                        if (log.isDebugEnabled()) {
                            Tr.debug(log, "removed token from lowIndex " + min);
                        }
                    }
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "getAccessIdAndRemoveEncryptedTokensFromTokenList", "1350", this);
                Tr.debug(log, "caught exception in getAccessIdAndRemoveEncryptedTokensFromTokenList " + e.toString());
            }
        }
        if (log.isEntryEnabled()) {
            Tr.exit(log, "getAccessIdAndRemoveEncryptedTokensFromTokenList " + str);
        }
        return str;
    }

    protected Hashtable copySSOAttrsToWSCredHashtable(SingleSignonToken singleSignonToken, WSCredential wSCredential) {
        Enumeration attributeNames;
        if (log.isEntryEnabled()) {
            Tr.entry(log, "copySSOAttrsToWSCredHashtable ssotok=" + singleSignonToken + " wscred=" + wSCredential);
        }
        Hashtable table = ((WSCredentialImpl) wSCredential).getTable();
        if (singleSignonToken != null && wSCredential != null && (attributeNames = singleSignonToken.getAttributeNames()) != null) {
            while (attributeNames.hasMoreElements()) {
                String str = (String) attributeNames.nextElement();
                String[] attributes = singleSignonToken.getAttributes(str);
                if (attributes != null && attributes.length > 0) {
                    String str2 = CommonConstants.SSO_TOKEN_ATTR_PREFIX + str;
                    try {
                        wSCredential.set(str2, attributes);
                    } catch (Exception e) {
                        Tr.debug(log, "exception caught setting val in wscred hashtable" + e.toString());
                    }
                    if (log.isDebugEnabled()) {
                        Tr.debug(log, "added string array with this key to wscred hashtable: " + str2);
                        for (String str3 : attributes) {
                            Tr.debug(log, "string array contains this value " + str3);
                        }
                    }
                }
            }
        }
        if (log.isEntryEnabled()) {
            Tr.exit(log, "copySSOAttrsToWSCredHashtable origHashtable=" + table);
        }
        return table;
    }

    private void dumpTokenAttributes(Subject subject) {
        if (subject != null) {
            Set<SingleSignonTokenImpl> privateCredentials = subject.getPrivateCredentials(SingleSignonTokenImpl.class);
            if (privateCredentials != null) {
                for (SingleSignonTokenImpl singleSignonTokenImpl : privateCredentials) {
                    Tr.debug(log, "Start of SSO token attributes for token named " + singleSignonTokenImpl.getName());
                    Enumeration attributeNames = singleSignonTokenImpl.getAttributeNames();
                    while (attributeNames.hasMoreElements()) {
                        String str = (String) attributeNames.nextElement();
                        String[] attributes = singleSignonTokenImpl.getAttributes(str);
                        if (attributes != null) {
                            for (String str2 : attributes) {
                                Tr.debug(log, "SSO token attribute name is " + str + " and value is " + str2);
                            }
                        } else {
                            Tr.debug(log, "SSO token attribute name " + str + " has no value");
                        }
                    }
                }
                Tr.debug(log, "End of SSO token attributes");
            }
            Set<AuthenticationTokenImpl> privateCredentials2 = subject.getPrivateCredentials(AuthenticationTokenImpl.class);
            if (privateCredentials2 != null) {
                for (AuthenticationTokenImpl authenticationTokenImpl : privateCredentials2) {
                    Tr.debug(log, "Start of Authentication token attributes for token named " + authenticationTokenImpl.getName());
                    Enumeration attributeNames2 = authenticationTokenImpl.getAttributeNames();
                    while (attributeNames2.hasMoreElements()) {
                        String str3 = (String) attributeNames2.nextElement();
                        String[] attributes2 = authenticationTokenImpl.getAttributes(str3);
                        if (attributes2 != null) {
                            for (String str4 : attributes2) {
                                Tr.debug(log, "Authentication token attribute name is " + str3 + " and value is " + str4);
                            }
                        } else {
                            Tr.debug(log, "Authentication token attribute name " + str3 + " has no value");
                        }
                    }
                }
                Tr.debug(log, "End of Authentication token attributes");
            }
        }
    }
}
