package com.ibm.websphere.wim;

import com.ibm.websphere.security.UserRegistry;
import com.ibm.websphere.security.auth.WSPrincipal;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.websphere.wim.exception.WIMException;
import com.ibm.websphere.wim.ras.WIMLogger;
import com.ibm.websphere.wim.util.PrincipalUtil;
import java.lang.reflect.Array;
import java.util.Locale;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.InitialContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* loaded from: input_file:com/ibm/websphere/wim/SampleVMMSAFMappingModule.class */
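/**
 * Sample JAAS {@link LoginModule} that derives a z/OS user ID from the authenticated
 * {@code WSPrincipal} and publishes it through the JAAS shared state.
 *
 * <p>On a successful {@link #login()} the module stores three shared-state entries:
 * the mapped user ID, an audit string and the caller principal class name.
 *
 * <p>Points a deployer should check before reusing this sample:
 * <ul>
 *   <li>The mapped name is cut to {@code MAXIMUM_NAME_LENGTH} characters. Two different
 *       registry users whose names share that prefix end up with the same mapped ID, so the
 *       mapping is not guaranteed to be one-to-one.</li>
 *   <li>When the {@code debug} option is set, diagnostics are written to {@code System.out}.
 *       Shared-state values are not printed (the map holds credential objects), only the
 *       keys are.</li>
 *   <li>A failed {@code PrincipalUtil.isRACFUser} check or registry lookup does not fail the
 *       login; the module falls back to deriving the ID from the name it already has.</li>
 * </ul>
 */
public class SampleVMMSAFMappingModule implements LoginModule {
    public static final String CLASSNAME = SampleVMMSAFMappingModule.class.getName();
    private static final Logger trcLogger = WIMLogger.getTraceLogger(CLASSNAME);
    private static final String MAPPING_MODULE_NAME = "com.ibm.websphere.wim.SampleVMMSAFMappingModule";
    private static final int MAXIMUM_NAME_LENGTH = 7;

    // Shared-state keys read and written by login().
    private static final String KEY_ZOS_USERID = "com.ibm.wsspi.security.token.zos_userid";
    private static final String KEY_ZOS_AUDIT_STRING = "com.ibm.wsspi.security.token.zos_audit_string";
    private static final String KEY_CALLER_PRINCIPAL_CLASS = "com.ibm.wsspi.security.token.caller_principal_class";
    private static final String KEY_WS_PRINCIPAL = "WSPrincipal";
    private static final String KEY_WS_CREDENTIAL = "WSCredential";

    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map sharedState;
    Subject runas_subject;
    Subject caller_subject;
    private Map options;
    boolean logEnabled = trcLogger.isLoggable(Level.FINER);
    private boolean useWSPrincipalName = true;
    private boolean debugEnabled = false;
    private boolean succeeded = false;

    /**
     * Stores the JAAS context objects and reads the module options.
     *
     * @param subject the subject being authenticated
     * @param callbackHandler the handler supplied by the login context
     * @param map the shared state map
     * @param map2 the module options; {@code debug} = true switches diagnostics on and
     *     {@code useWSPrincipalName} = false switches the principal-name mapping off
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        if (optionEquals(map2, "debug", ConfigUIConstants.TRUE)) {
            this.debugEnabled = true;
        }
        trace("initialize() entry");
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;
        if (optionEquals(this.options, "useWSPrincipalName", ConfigUIConstants.FALSE)) {
            this.useWSPrincipalName = false;
        }
        if (this.debugEnabled) {
            // Print keys and principals only: the shared state carries credential objects
            // (login() reads a WSCredential from it), and those do not belong on stdout.
            debug(new Object[]{
                "initialize() exit",
                this.subject == null ? null : this.subject.getPrincipals(),
                this.callbackHandler,
                this.sharedState == null ? null : this.sharedState.keySet(),
                this.options == null ? null : this.options.keySet()});
        }
    }

    /**
     * Maps the authenticated principal to a z/OS user ID and publishes it in the shared state.
     *
     * <p>Nothing is done when the shared state already holds a z/OS user ID. The module
     * reports {@code false} when the principal or credential is missing, when
     * {@code useWSPrincipalName} is off, or when the mapping yields an empty ID.
     *
     * @return {@code true} if a z/OS user ID is present in the shared state after this call
     * @throws LoginException declared by the interface; not thrown by this implementation
     */
    @Override
    public boolean login() throws LoginException {
        trace("login() entry");
        Object principalEntry = this.sharedState == null ? null : this.sharedState.get(KEY_WS_PRINCIPAL);
        Object credentialEntry = this.sharedState == null ? null : this.sharedState.get(KEY_WS_CREDENTIAL);
        if (this.sharedState != null && this.sharedState.containsKey(KEY_ZOS_USERID)) {
            trace("ZOS_USERID already exists:  so no additional work is needed");
            this.succeeded = true;
        } else if (principalEntry instanceof WSPrincipal && credentialEntry instanceof WSCredential) {
            // instanceof also rejects a key that is present with a null or foreign value,
            // which previously surfaced as a NullPointerException or ClassCastException.
            trace("Principal and Credential are available:  continue with login");
            if (this.useWSPrincipalName) {
                trace("Using name from WSPrincipal to obtain ZOS_USERID");
                this.succeeded = publishMappedIdentity((WSPrincipal) principalEntry, (WSCredential) credentialEntry);
            } else {
                trace("Using Custom logic to obtain ZOS_USERID");
                this.succeeded = false;
            }
        } else {
            trace("Principal or Credential is unavailable:  skipping this Login Module");
            this.succeeded = false;
        }
        trace("login() exit");
        return this.succeeded;
    }

    /**
     * Reports the outcome of {@link #login()} and resets the module state.
     *
     * @return the value {@code login()} last recorded
     */
    @Override
    public boolean commit() throws LoginException {
        trace("commit() entry");
        boolean outcome = this.succeeded;
        cleanup();
        trace("commit() exit");
        return outcome;
    }

    /**
     * Resets the module state after a failed overall authentication.
     *
     * @return the value {@code login()} last recorded
     */
    @Override
    public boolean abort() throws LoginException {
        trace("abort() entry");
        boolean outcome = this.succeeded;
        cleanup();
        trace("abort() exit");
        return outcome;
    }

    /**
     * No state is removed on logout; the method only traces the call.
     *
     * @return always {@code true}
     */
    @Override
    public boolean logout() throws LoginException {
        trace("logout() entry");
        trace("logout() exit");
        return true;
    }

    /** Clears the recorded login outcome. */
    private void cleanup() {
        trace("cleanup() entry");
        this.succeeded = false;
        trace("cleanup() exit");
    }

    /**
     * Derives the z/OS user ID for the principal and writes the three shared-state entries.
     *
     * @return {@code true} if a non-empty ID was stored, {@code false} if nothing was stored
     */
    private boolean publishMappedIdentity(WSPrincipal wSPrincipal, WSCredential wSCredential) {
        String principalName = wSPrincipal.getName();
        String realm = getRealm(wSCredential);
        String zosUserId = principalName == null ? "" : doCustomMapUser(stripRealm(principalName));
        if (zosUserId.length() == 0) {
            // Do not publish an empty user ID: how the consumer of this key treats an
            // empty value is not visible here, so the module reports failure instead.
            trace("Mapped ZOS_USERID is empty:  skipping this Login Module");
            return false;
        }
        String principalClass = "com.ibm.websphere.security.auth.WSPrincipal";
        // NOTE(review): the audit string carries the realm and the mapped (possibly truncated)
        // ID, not the original principal name. Confirm that is sufficient for audit trails.
        String auditString = realm + "/" + zosUserId + " MappingModule:" + MAPPING_MODULE_NAME;
        this.sharedState.put(KEY_ZOS_USERID, zosUserId);
        this.sharedState.put(KEY_ZOS_AUDIT_STRING, auditString);
        this.sharedState.put(KEY_CALLER_PRINCIPAL_CLASS, principalClass);
        if (this.debugEnabled) {
            debug(new Object[]{"Values have been stored into the shared state ", zosUserId, auditString, principalClass});
        }
        return true;
    }

    /**
     * Tests whether a module option holds the expected value, ignoring case.
     *
     * @return {@code false} when the map is null, the key is absent or the value is not a string
     */
    private static boolean optionEquals(Map optionMap, String key, String expected) {
        if (optionMap == null) {
            return false;
        }
        Object value = optionMap.get(key);
        // Locale.ROOT keeps the comparison independent of the server's default locale.
        return value instanceof String && ((String) value).toLowerCase(Locale.ROOT).equals(expected);
    }

    /** Writes a diagnostic message only when the {@code debug} option is on. */
    private void trace(Object message) {
        if (this.debugEnabled) {
            debug(message);
        }
    }

    /**
     * Prints a diagnostic message to {@code System.out}, one line per element for arrays.
     * Callers decide whether debugging is enabled; this method prints unconditionally.
     */
    private void debug(Object obj) {
        System.out.println("Debug: " + MAPPING_MODULE_NAME);
        if (obj == null) {
            return;
        }
        if (!obj.getClass().isArray()) {
            System.out.println("\t" + obj);
            return;
        }
        int length = Array.getLength(obj);
        for (int i = 0; i < length; i++) {
            System.out.println("\t" + Array.get(obj, i));
        }
    }

    /**
     * Reads the realm name from the credential.
     *
     * @return the realm name, or {@code "UNKNOWN_REALM"} when the credential cannot supply it
     */
    private String getRealm(WSCredential wSCredential) {
        trace("getRealm() entry");
        String realm;
        try {
            realm = wSCredential.getRealmName();
            trace("Got realm='" + realm + "' from credential");
        } catch (Exception e) {
            // Best effort: the realm only feeds the audit string, so a failure is reported
            // and replaced by a marker instead of aborting the login.
            trace("Unable to read realm from credential: " + e);
            realm = "UNKNOWN_REALM";
        }
        trace("getRealm() exit");
        return realm;
    }

    /**
     * Reduces a principal or unique name to the form stored as the z/OS user ID.
     *
     * <p>Steps, in order: drop the realm prefix, upper-case, keep what follows the first
     * {@code =}, keep what precedes the first {@code ,}, keep what follows the first
     * {@code \}, then cut to {@code MAXIMUM_NAME_LENGTH} characters. The cut means distinct
     * input names can produce the same result.
     */
    private String createSAFIdentityName(String str) {
        trace("createSAFIdentityName() entry " + str);
        // Locale.ROOT: a locale-sensitive upper-casing would change the mapped ID with the
        // server's default locale (for example the dotted capital I of Turkish locales).
        String name = stripRealm(str).toUpperCase(Locale.ROOT);
        int equalsAt = name.indexOf('=');
        if (equalsAt >= 0) {
            name = name.substring(equalsAt + 1);
        }
        int commaAt = name.indexOf(',');
        if (commaAt > 0) {
            name = name.substring(0, commaAt);
        }
        int backslashAt = name.indexOf('\\');
        if (backslashAt > 0) {
            name = name.substring(backslashAt + 1);
        }
        if (name.length() > MAXIMUM_NAME_LENGTH) {
            name = name.substring(0, MAXIMUM_NAME_LENGTH);
            trace("WSPrincipal/uniqueName shortened to " + name);
        }
        trace("createSAFIdentityName() exit");
        return name;
    }

    /**
     * Removes everything up to and including the first {@code /} from a name. A name whose
     * first {@code /} is its last character only loses that trailing slash.
     *
     * @return the stripped name; an empty string for a null or empty input
     */
    private String stripRealm(String str) {
        if (str == null || str.length() == 0) {
            // The substring arithmetic below would ask for substring(0, -1) on "".
            return "";
        }
        int afterSlash = str.indexOf('/') + 1;
        if (afterSlash >= str.length()) {
            trace("Stripping trailing / from WSPrincipal name");
            return str.substring(0, afterSlash - 1);
        }
        return str.substring(afterSlash);
    }

    /**
     * Chooses the mapping path: names that {@code PrincipalUtil.isRACFUser} accepts are
     * converted directly, all others go through the user registry first.
     */
    private String doCustomMapUser(String str) {
        boolean racfUser = true;
        try {
            racfUser = PrincipalUtil.isRACFUser(str);
        } catch (WIMException e) {
            // NOTE(review): a failed check leaves racfUser at true, so the registry lookup is
            // skipped and the ID is derived from the name as given. Confirm this default is
            // the intended one for the deployment.
            trace("isRACFUser check failed, treating the name as a RACF user: " + e);
        }
        return racfUser ? createSAFIdentityName(str) : doMapUser(str);
    }

    /**
     * Resolves the name to its unique ID through the user registry found in JNDI and converts
     * that ID. Falls back to the name itself when the lookup fails or returns null.
     */
    private String doMapUser(String str) {
        String uniqueId = null;
        InitialContext context = null;
        try {
            context = new InitialContext();
            UserRegistry registry = (UserRegistry) context.lookup(ConfigConstants.CONFIG_DO_USER_REGISTRY);
            uniqueId = registry.getUniqueUserId(str);
        } catch (Exception e) {
            debug("Exception thrown while getting uniqueID: " + e);
        } finally {
            if (context != null) {
                try {
                    context.close();
                } catch (Exception ignored) {
                    // Closing is cleanup only; the lookup result is already decided.
                }
            }
        }
        if (uniqueId == null) {
            uniqueId = str;
        }
        return createSAFIdentityName(uniqueId);
    }
}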
