package com.ibm.ws.sib.webservices.systemhandlers;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSSecurityContext;
import com.ibm.websphere.security.auth.WSSecurityContextException;
import com.ibm.websphere.security.auth.WSSecurityContextResult;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.sib.trm.TrmConstantsImpl;
import com.ibm.ws.sib.webservices.Constants;
import com.ibm.ws.sib.webservices.utils.SIBWSSecurityHooks;
import com.ibm.wsspi.exitpoint.systemcontext.SystemContext;
import com.ibm.wsspi.exitpoint.systemcontext.SystemContextHandler;
import com.ibm.wsspi.security.token.WSOpaqueTokenHelper;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Map;
import javax.security.auth.Subject;

/* loaded from: input_file:com/ibm/ws/sib/webservices/systemhandlers/SecurityContextHandler.class */
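/**
 * System context handler that carries the caller's security identity with a request.
 *
 * <p>Sending side: {@link #insertRequestContext(SystemContext)} turns the current run-as
 * {@link Subject} into an opaque token plus an authentication token and stores both in the
 * system context under {@code SECURITY_CONTEXT_NAME}.
 *
 * <p>Receiving side: {@link #extractContext(SystemContext, Map)} copies that item into a map,
 * {@link #establishContext(Map)} parks it in a thread-local, and the static
 * {@link #establishContext()} consumes the thread-local and installs the resulting subject as
 * the caller context and run-as identity of the current thread.
 *
 * <p>The tokens handled here are sufficient to establish an identity (see
 * {@code acceptSecContext} below), so their raw bytes are never handed to the trace facility.
 */
public class SecurityContextHandler implements SystemContextHandler {
    public static final String $sccsid = "@(#) 1.13 SIB/ws/code/sib.webservices/src/com/ibm/ws/sib/webservices/systemhandlers/SecurityContextHandler.java, SIB.webservices.runtime, WAS855.SIB, cf111646.01 06/04/18 03:39:42 [11/14/16 16:05:36]";
    private static final String SECURITY_CONTEXT_NAME = "com.ibm.ws.sib.webservices.handlers.SecurityContext";
    private static final TraceComponent tc = Tr.register(SecurityContextHandler.class, Constants.MESSAGE_GROUP, "com.ibm.ws.sib.webservices.messages.SIBWSMessages");

    // Security context waiting to be applied to the current thread by establishContext().
    private static final ThreadLocal<SecurityContextObject> contextObject = new ThreadLocal<SecurityContextObject>();

    public SecurityContextHandler() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "SecurityContextHandler()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "SecurityContextHandler()");
        }
    }

    /**
     * Describes a token for trace output without exposing its content.
     *
     * @param token token bytes, may be {@code null}
     * @return {@code null} for a {@code null} token, otherwise a string giving only its length
     */
    private static Object describeToken(byte[] token) {
        return token == null ? null : "byte[" + token.length + "]";
    }

    /**
     * Stores the current run-as subject's tokens in the outgoing system context.
     *
     * <p>Nothing is stored when there is no run-as subject, when no {@code WSSecurityContext}
     * is available, or when {@code initSecContext} returns {@code null}; the method still
     * returns {@code true} in those cases, so the request goes out without a security context.
     *
     * @param systemContext the outgoing system context
     * @return {@code true} unless an exception was raised; the exception is recorded through
     *         FFDC and warning CWSWS1007 and {@code false} is returned
     */
    public boolean insertRequestContext(SystemContext systemContext) {
        boolean succeeded;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "insertRequestContext()");
        }
        try {
            Subject runAsSubject = WSSubject.getRunAsSubject();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "insertRequestContext: Got subject", runAsSubject);
            }
            if (runAsSubject != null) {
                byte[] opaqueToken = WSOpaqueTokenHelper.getInstance().createOpaqueTokenFromSubject(runAsSubject);
                if (tc.isDebugEnabled()) {
                    // Trace the length only: the token bytes represent the caller's identity.
                    Tr.debug(tc, "insertRequestContext: Created OAT", describeToken(opaqueToken));
                }
                WSSecurityContext securityContext = SIBWSSecurityHooks.getWSSecurityContext();
                byte[] authToken = null;
                if (securityContext != null) {
                    String realm = SIBWSSecurityHooks.getRealm();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "insertRequestContext: Got Host", "");
                    }
                    authToken = securityContext.initSecContext(runAsSubject, "", realm);
                    if (tc.isDebugEnabled()) {
                        // Trace the length only: a trace reader must not obtain a usable token.
                        Tr.debug(tc, "insertRequestContext: Created AT", describeToken(authToken));
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No WSSecurityContext available");
                }
                if (authToken != null) {
                    systemContext.putSystemContextItem(SECURITY_CONTEXT_NAME, new SecurityContextObject(opaqueToken, authToken));
                }
            }
            succeeded = true;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.sib.webservices.handlers.SecurityContextHandler.insertRequestContext", "156", this);
            Tr.warning(tc, "CWSWS1007", e);
            succeeded = false;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "insertRequestContext()", Boolean.valueOf(succeeded));
        }
        return succeeded;
    }

    /** Traces entry and exit only; there is nothing to undo. */
    public void insertRequestContextFailed() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "insertRequestContextFailed()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "insertRequestContextFailed()");
        }
    }

    /**
     * Adds nothing to the response context.
     *
     * @param systemContext the response system context (unused)
     * @return always {@code true}
     */
    public boolean insertResponseContext(SystemContext systemContext) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "insertResponseContext()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "insertResponseContext()");
        }
        return true;
    }

    /** Traces entry and exit only. */
    public void insertResponseContextFailed() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "insertResponseContextFailed()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "insertResponseContextFailed()");
        }
    }

    /** Traces entry and exit only. */
    public void requestFailed() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "requestFailed()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "requestFailed()");
        }
    }

    /** Traces entry and exit only. */
    public void requestSucceeded() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "requestSucceeded()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "requestSucceeded()");
        }
    }

    /**
     * Traces entry and exit only.
     *
     * @param systemContext the system context of the completed request (unused)
     */
    public void requestSucceeded(SystemContext systemContext) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "requestSucceeded()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "requestSucceeded()");
        }
    }

    /**
     * Parks the security context found in {@code map} (keyed by this class's name) in the
     * thread-local, ready for the static {@link #establishContext()}.
     *
     * <p>When the map holds no entry the thread-local is cleared, so that a value left behind
     * by earlier work on the same thread (if the thread is reused) cannot be applied to a
     * request that carried no security context of its own.
     *
     * @param map the map filled by {@link #extractContext(SystemContext, Map)}
     * @return always {@code true}
     */
    public boolean establishContext(Map map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "establishContext", new Object[]{map, this});
        }
        SecurityContextObject received = (SecurityContextObject) map.get(getClass().getName());
        if (received != null) {
            contextObject.set(received);
        } else {
            contextObject.remove();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "establishContext", Boolean.TRUE);
        }
        return true;
    }

    /**
     * Copies the security context item of {@code systemContext} into {@code map} under this
     * class's name. The value stored is {@code null} when the item is absent.
     *
     * @param systemContext the incoming system context
     * @param map           the map to receive the item
     * @return {@code true} unless an exception was raised; the exception is recorded through
     *         FFDC and warning CWSWS1007 and {@code false} is returned
     */
    public boolean extractContext(SystemContext systemContext, Map map) {
        boolean succeeded;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "extractContext()");
        }
        try {
            SecurityContextObject received = (SecurityContextObject) systemContext.getSystemContextItem(SECURITY_CONTEXT_NAME);
            if (tc.isDebugEnabled()) {
                // NOTE(review): what reaches the trace depends on SecurityContextObject.toString(),
                // which is not visible here; confirm it does not print the token bytes.
                Tr.debug(tc, "Got SCO", received);
            }
            map.put(getClass().getName(), received);
            succeeded = true;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.sib.webservices.handlers.SecurityContextHandler.extractContext", "265", this);
            Tr.warning(tc, "CWSWS1007", e);
            succeeded = false;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "extractContext()", Boolean.valueOf(succeeded));
        }
        return succeeded;
    }

    /**
     * Drops any security context parked in the thread-local.
     * The trace label reads "extractContextFailed()" and is kept as it is.
     */
    public void establishContextFailed() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "extractContextFailed()");
        }
        contextObject.remove();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "extractContextFailed()");
        }
    }

    /**
     * Drops any parked security context and clears the opaque-token entry that
     * {@link #establishContext()} placed in the context manager.
     * The trace label reads "removeExtractedContext()" and is kept as it is.
     */
    public void removeEstablishedContext() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeExtractedContext()");
        }
        contextObject.remove();
        ContextManagerFactory.getInstance().put(WSOpaqueTokenHelper.getInstance().getOpaqueTokenLookup(), (Object) null);
        // NOTE(review): the caller context and run-as subject installed by establishContext()
        // are not reset here; presumably the container restores them - confirm.
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeExtractedContext()");
        }
    }

    /**
     * Applies the security context parked on the current thread, if any: publishes the token
     * holder list built from the opaque token, accepts the authentication token, and installs
     * the resulting subject as caller context, run-as identity and initial sender.
     *
     * <p>The thread-local is cleared before anything else is attempted, so a failure cannot
     * leave the context behind for a later call.
     *
     * @throws WSSecurityException        if no {@code WSSecurityContext} is available, or if
     *                                    setting the run-as subject fails
     * @throws WSSecurityContextException declared for the security-context calls made here
     */
    public static void establishContext() throws WSSecurityException, WSSecurityContextException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "establishContext()");
        }
        SecurityContextObject pending = contextObject.get();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Got SCO", pending);
        }
        if (pending != null) {
            contextObject.remove();
            // Resolve the security context before touching any thread state: insertRequestContext
            // shows this hook can return null, and a received context must then be refused with a
            // declared exception rather than a NullPointerException after a partial update.
            WSSecurityContext securityContext = SIBWSSecurityHooks.getWSSecurityContext();
            if (securityContext == null) {
                throw new WSSecurityException("No WSSecurityContext available");
            }
            ArrayList<?> tokenHolders = WSOpaqueTokenHelper.getInstance().createTokenHolderListFromOpaqueToken(pending.OAT);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Got Token Holder List", tokenHolders);
            }
            // NOTE(review): the list is published before the authentication token is accepted;
            // if acceptSecContext throws, it stays in place until removeEstablishedContext() runs.
            ContextManagerFactory.getInstance().put(WSOpaqueTokenHelper.getInstance().getOpaqueTokenLookup(), tokenHolders);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Put Token Holder List", tokenHolders);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Accepting security context", tokenHolders);
            }
            WSSecurityContextResult accepted = securityContext.acceptSecContext(pending.AT);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Security context result", accepted);
            }
            final Subject subject = accepted.getSubject();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, TrmConstantsImpl.CREDENTIAL_SUBJECT, subject);
            }
            ContextManagerFactory.getInstance().initializeCallerContext(subject);
            try {
                AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                    @Override
                    public Object run() throws WSSecurityException {
                        WSSubject.setRunAsSubject(subject);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Runas identity is set.");
                        }
                        return null;
                    }
                });
                ContextManagerFactory.getInstance().put("com.ibm.wsspi.wssecurity.username.initialSenderId", subject);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Initial Sender is set.");
                }
            } catch (PrivilegedActionException e) {
                // run() declares only WSSecurityException, so that is the only checked cause.
                WSSecurityException cause = (WSSecurityException) e.getException();
                Tr.event(tc, "Failed in setting the run as identity: " + cause);
                FFDCFilter.processException(cause, "com.ibm.ws.sib.webservices.handlers.SecurityContextHandler.establishContext", "461");
                throw cause;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "establishContext()");
        }
    }

    /**
     * Not supported by this handler.
     *
     * @param map ignored
     * @return always {@code false}
     */
    public boolean peekContext(Map map) {
        return false;
    }

    /** Does nothing. */
    public void extractContextFailed() {
    }
}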
