package com.ibm.ws.sib.mediation.runtime;

import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.sib.admin.DestinationDefinition;
import com.ibm.ws.sib.admin.JsBus;
import com.ibm.ws.sib.admin.JsMessagingEngine;
import com.ibm.ws.sib.mediation.common.TraceConstants;
import com.ibm.ws.sib.security.auth.AuthUtilsFactory;
import com.ibm.ws.sib.security.auth.AuthenticationData;
import com.ibm.ws.sib.security.auth.SibLoginFactory;
import com.ibm.ws.sib.security.context.SecurityContextException;
import com.ibm.ws.sib.security.context.SecurityContextFactory;
import com.ibm.ws.sib.security.context.SecurityContextHelper;
import com.ibm.ws.sib.utils.ras.SibTr;
import com.ibm.wsspi.sib.core.SIBusMessage;
import com.ibm.wsspi.sib.mediation.runtime.ContextElementHandler;
import com.ibm.wsspi.sib.mediation.runtime.StopReason;
import com.ibm.wsspi.sib.mediation.runtime.StopReasonFactory;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;

/* loaded from: input_file:com/ibm/ws/sib/mediation/runtime/SecurityContextHandler.class */
public class SecurityContextHandler implements ContextElementHandler {
    private static final TraceComponent _tc = SibTr.register(SecurityContextHandler.class, TraceConstants.DESTINATION_MEDIATION_RUNTIME_TRACEGROUP, TraceConstants.SIB_MEDIATION_DESTINATION_IMPL_MESSAGES);
    private static final String _sourceInfo = "Source Info: @(#)SIB/ws/code/sib.mediation.destination.impl/src/com/ibm/ws/sib/mediation/runtime/SecurityContextHandler.java, SIB.mediation.runtime, WAS855.SIB, cf111646.01 1.29";
    private static SecurityContextHelper _helper;
    private static Map<String, AuthenticationData> _authDataCache;

    @Override // com.ibm.wsspi.sib.mediation.runtime.ContextElementHandler
    public StopReason start(SIBusMessage sIBusMessage, DestinationDefinition destinationDefinition, JsMessagingEngine jsMessagingEngine, Map map) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "start", new Object[]{this, sIBusMessage, destinationDefinition, jsMessagingEngine, map});
        }
        StopReason stopReason = null;
        JsBus jsBus = (JsBus) jsMessagingEngine.getBus();
        if (AuthUtilsFactory.getInstance().getAuthUtils().isServerSecure()) {
            SecurityContextHelper helper = getHelper();
            if (helper == null) {
                stopReason = StopReasonFactory.create(TraceConstants.SIB_MEDIATION_DESTINATION_IMPL_MESSAGES, "NO_SECURITY_CWSIZ0069E", new Object[0], false);
            }
            if (stopReason == null) {
                if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                    SibTr.debug(_tc, "Bus security has been enabled");
                }
                Subject subject = null;
                try {
                    if (jsBus.getBoolean("useServerIdForMediations", false)) {
                        try {
                            subject = ContextManagerFactory.getInstance().getServerSubject();
                        } catch (WSSecurityException e) {
                            FFDCFilter.processException(e, "com.ibm.ws.sib.mediation.runtime.SecurityContextHandler.start", "163", this);
                            Object[] objArr = {jsBus.getName(), e};
                            SibTr.error(_tc, "UNABLE_TO_GET_SERVER_IDENTITY_CWSIZ0072", objArr);
                            stopReason = StopReasonFactory.create(TraceConstants.SIB_MEDIATION_DESTINATION_IMPL_MESSAGES, "UNABLE_TO_GET_SERVER_IDENTITY_CWSIZ", objArr, false);
                        }
                    } else {
                        String string = jsBus.getString("mediationsAuthAlias", "__null__");
                        AuthenticationData authenticationData = null;
                        if (string == null || "".equals(string)) {
                            SibTr.error(_tc, "NO_MEDIATION_AUTH_ALIAS_CWSIZ0020E", jsBus.getName());
                            stopReason = StopReasonFactory.create(TraceConstants.SIB_MEDIATION_DESTINATION_IMPL_MESSAGES, "NO_MEDIATION_AUTH_ALIAS_CWSIZ0020E", new Object[]{jsBus.getName()}, false);
                        }
                        if (stopReason == null) {
                            authenticationData = getAuthData(jsBus.getName(), string);
                            if (authenticationData == null) {
                                Object[] objArr2 = {string, jsBus.getName()};
                                SibTr.error(_tc, "MEDIATION_AUTH_ALIAS_NOT_FOUND_CWSIZ0021E", objArr2);
                                stopReason = StopReasonFactory.create(TraceConstants.SIB_MEDIATION_DESTINATION_IMPL_MESSAGES, "MEDIATION_AUTH_ALIAS_NOT_FOUND_CWSIZ0021E", objArr2, false);
                            }
                        }
                        if (stopReason == null) {
                            subject = SibLoginFactory.getInstance().createNewSibLogin().login(authenticationData.getPrincipal().getName());
                            if (subject == null) {
                                Object[] objArr3 = {string, jsBus.getName()};
                                SibTr.error(_tc, "MEDIATION_IDENTITY_NOT_VALID_CWSIZ0045E", objArr3);
                                stopReason = StopReasonFactory.create(TraceConstants.SIB_MEDIATION_DESTINATION_IMPL_MESSAGES, "MEDIATION_IDENTITY_NOT_VALID_CWSIZ0045E", objArr3, false);
                            }
                        }
                    }
                    if (stopReason == null && subject != null) {
                        helper.pushRunAs(subject);
                        map.put(getClass().getName(), true);
                    }
                } catch (SecurityContextException e2) {
                    FFDCFilter.processException(e2, "com.ibm.ws.sib.mediation.runtime.SecurityContextHandler.start", "67", this);
                    SibTr.error(_tc, "MEDIATION_SECURITY_ERROR_CWSIZ0022E", e2);
                    stopReason = StopReasonFactory.create(TraceConstants.SIB_MEDIATION_DESTINATION_IMPL_MESSAGES, "MEDIATION_SECURITY_ERROR_CWSIZ0022E", new Object[]{e2}, false);
                }
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "start", stopReason);
        }
        return stopReason;
    }

    @Override // com.ibm.wsspi.sib.mediation.runtime.ContextElementHandler
    public void complete(Map map) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "complete", new Object[]{this, map});
        }
        try {
            if (map.get(getClass().getName()) != null) {
                getHelper().popRunAs();
            }
        } catch (SecurityContextException e) {
            FFDCFilter.processException(e, "com.ibm.ws.sib.mediation.runtime.SecurityContextHandler.complete", "92", this);
            if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                SibTr.debug(this, _tc, "The security context handler failed to remove the security context");
            }
            if (TraceComponent.isAnyTracingEnabled() && _tc.isEventEnabled()) {
                SibTr.event(_tc, "absorbing", e);
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "complete");
        }
    }

    @Override // com.ibm.wsspi.sib.mediation.runtime.ContextElementHandler
    public void fail(Map map) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "fail", new Object[]{this, map});
        }
        try {
            if (map.get(getClass().getName()) != null) {
                getHelper().popRunAs();
            }
        } catch (SecurityContextException e) {
            FFDCFilter.processException(e, "com.ibm.ws.sib.mediation.runtime.SecurityContextHandler.fail", "122", this);
            if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                SibTr.debug(this, _tc, "The security context handler failed to remove the security context");
            }
            if (TraceComponent.isAnyTracingEnabled() && _tc.isEventEnabled()) {
                SibTr.event(_tc, "absorbing", e);
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "fail");
        }
    }

    @Override // com.ibm.wsspi.sib.mediation.runtime.ContextElementHandler
    public void preDispatch(SIBusMessage sIBusMessage, DestinationDefinition destinationDefinition, JsMessagingEngine jsMessagingEngine, Map map) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
            SibTr.debug(this, _tc, "preDispatch has been called");
        }
    }

    private AuthenticationData getAuthData(String str, String str2) {
        AuthenticationData authenticationData;
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "getAuthData", new Object[]{this, str, str2});
        }
        if (_authDataCache.containsKey(str2)) {
            authenticationData = _authDataCache.get(str2);
        } else {
            authenticationData = AuthUtilsFactory.getInstance().getAuthUtils().getAuthenticationData(str, str2);
            if (authenticationData != null) {
                _authDataCache.put(str2, authenticationData);
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "getAuthData", authenticationData);
        }
        return authenticationData;
    }

    private SecurityContextHelper getHelper() {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "getHelper", this);
        }
        if (_helper == null) {
            _helper = SecurityContextFactory.getInstance().createNewSecurityContextHelper();
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "getHelper", _helper);
        }
        return _helper;
    }

    static {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
            SibTr.debug(_tc, _sourceInfo);
        }
        _authDataCache = new HashMap();
    }
}
