package com.ibm.ws.sib.security.auth.login;

import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.AdminServiceFactory;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.sib.api.jms.StringArrayWrapper;
import com.ibm.ws.sib.security.BusSecurityConstants;
import com.ibm.ws.sib.security.auth.AuthUtilsFactory;
import com.ibm.ws.sib.security.auth.LoginType;
import com.ibm.ws.sib.security.auth.SIBPrincipal;
import com.ibm.ws.sib.security.auth.SIBSubject;
import com.ibm.ws.sib.security.auth.SIBSubjectImpl;
import com.ibm.ws.sib.utils.ras.SibTr;
import com.ibm.wsspi.security.token.TokenHolder;
import com.ibm.wsspi.security.token.WSOpaqueTokenHelper;
import com.ibm.wsspi.security.token.WSSecurityPropagationHelper;
import java.security.GeneralSecurityException;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/ibm/ws/sib/security/auth/login/LTPALoginAction.class */
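/**
 * Login action that establishes a bus identity from an opaque security token
 * that carries an LTPA token.
 *
 * <p>The constructor unpacks the opaque token into a list of {@link TokenHolder}
 * entries. {@link #login()} then validates every entry named {@code "LtpaToken"}
 * and maps the validated identity to one of three outcomes:
 * <ul>
 *   <li>the identity equals {@code SIBServer:<cell><separator><bus>} for this cell
 *       and bus: the SIB server subject is used;</li>
 *   <li>the identity is {@code null} or carries the {@code SIBServer:} prefix
 *       without matching this cell and bus: the login is refused;</li>
 *   <li>anything else: a regular login is performed through the
 *       {@link ContextManager} with the token bytes.</li>
 * </ul>
 *
 * <p>Every failure path ends in a {@code null} subject, i.e. the action fails
 * closed; failures are only visible in trace/FFDC output.
 *
 * <p>Instances hold per-login state ({@code _userName}, {@code _tokenList}) without
 * synchronisation. NOTE(review): presumably one instance serves one login attempt;
 * confirm against the callers.
 */
public class LTPALoginAction extends AbstractLoginAction {
    private static final TraceComponent _tc = SibTr.register(LTPALoginAction.class, BusSecurityConstants.TRC_GROUP, BusSecurityConstants.MSG_BUNDLE);

    /** Name of the token holder entry that carries the LTPA token bytes. */
    private static final String LTPA_TOKEN_NAME = "LtpaToken";

    /** Prefix that marks an identity as a bus (SIB) server identity. */
    private static final String SIB_SERVER_PREFIX = "SIBServer:";

    // User name resolved by the last login(); stays null until a login succeeds.
    private String _userName;
    // Bus this login is performed for; part of the expected server identity.
    private String _busName;
    // Subject of the hosting server, resolved once at class load; null when lookup failed.
    private static SIBSubject _serverSubject;
    // Cell name obtained from the admin service at class load.
    private static final String _cellName;
    // Token holders unpacked from the opaque token; null when unpacking failed.
    private List<TokenHolder> _tokenList;
    public static final String $sccsid = "@(#) 1.15 SIB/ws/code/sib.security.impl/src/com/ibm/ws/sib/security/auth/login/LTPALoginAction.java, SIB.security, WAS855.SIB, cf111646.01 09/02/25 07:57:02 [11/14/16 16:16:50]";

    /**
     * Creates the action and unpacks the opaque token.
     *
     * <p>A {@link WSSecurityException} raised while unpacking is traced and swallowed,
     * leaving the token list {@code null}; {@link #login()} then returns {@code null}.
     *
     * @param str  name of the bus the caller wants to log in to
     * @param bArr opaque token bytes received from the caller
     */
    public LTPALoginAction(String str, byte[] bArr) {
        super(str);
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            // NOTE(review): the raw opaque token is handed to the trace facility here.
            // It carries credential material; confirm how SibTr renders byte arrays and
            // that trace output is access-controlled.
            SibTr.entry(this, _tc, "LTPALoginAction", new Object[]{str, bArr});
        }
        this._busName = str;
        try {
            this._tokenList = WSOpaqueTokenHelper.getInstance().createTokenHolderListFromOpaqueToken(bArr);
        } catch (WSSecurityException e) {
            // Deliberately not rethrown: a null token list makes login() fail closed.
            if (TraceComponent.isAnyTracingEnabled() && _tc.isEventEnabled()) {
                SibTr.event(_tc, "unable to do LTPA based login", e);
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "LTPALoginAction", this);
        }
    }

    /**
     * Validates the LTPA token(s) and resolves the subject to run as.
     *
     * @return the resolved subject, or {@code null} when no token list is available,
     *         no token validates, the identity uses the reserved {@code SIBServer:}
     *         prefix for another cell or bus, or subject conversion fails
     */
    @Override // com.ibm.ws.sib.security.auth.login.AbstractLoginAction
    protected SIBSubject login() {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "login");
        }
        SIBSubject result = null;
        SIBSubject userSubject = null;
        String validatedIdentity = null;
        if (this._tokenList != null) {
            // NOTE(review): the loop does not stop at the first LtpaToken entry. If the
            // list could ever hold more than one, validatedIdentity would come from the
            // last validated entry while userSubject may come from an earlier one, and
            // the server-identity decision after the loop would mix the two. Confirm the
            // opaque token format allows at most one LtpaToken entry.
            for (TokenHolder tokenHolder : this._tokenList) {
                // Constant-first comparison: a holder without a name is skipped instead
                // of raising a NullPointerException.
                if (!LTPA_TOKEN_NAME.equals(tokenHolder.getName())) {
                    continue;
                }
                byte[] bytes = tokenHolder.getBytes();
                try {
                    validatedIdentity = WSSecurityPropagationHelper.validateLTPAToken(bytes);
                    // Drop everything up to and including the first '/' (looks like a
                    // realm qualifier; confirm) so the bare identity can be compared.
                    String bareIdentity = (validatedIdentity == null || !validatedIdentity.contains("/"))
                            ? validatedIdentity
                            : validatedIdentity.substring(validatedIdentity.indexOf('/') + 1);
                    if (TraceComponent.isAnyTracingEnabled() && _tc.isEventEnabled()) {
                        SibTr.event(_tc, "the user unique identity is " + validatedIdentity);
                    }
                    String expectedServerIdentity = SIB_SERVER_PREFIX + _cellName + StringArrayWrapper.BUS_SEPARATOR + this._busName;
                    if (expectedServerIdentity.equals(bareIdentity)) {
                        // Token belongs to a bus server of this cell and bus.
                        result = SIBSubjectImpl.create(AuthUtilsFactory.getInstance().getAuthUtils().getSIBServerSubject());
                    } else if (bareIdentity == null || bareIdentity.startsWith(SIB_SERVER_PREFIX)) {
                        // The SIBServer: prefix is reserved: an identity that uses it for
                        // another cell or bus must never fall through to a user login.
                        result = null;
                    } else {
                        ContextManager contextManager = getContextManager();
                        String defaultRealm = contextManager.getDefaultRealm();
                        // Publish the full token list under the opaque-token lookup key
                        // before logging in with the LTPA token bytes.
                        contextManager.put(WSOpaqueTokenHelper.getInstance().getOpaqueTokenLookup(), this._tokenList);
                        userSubject = SIBSubjectImpl.create(contextManager.login(defaultRealm, bytes, "system.DEFAULT", (HttpServletRequest) null, (HttpServletResponse) null, (Map) null));
                    }
                } catch (WSLoginFailedException e) {
                    // Invalid or expired token: trace it and leave the result unset.
                    if (TraceComponent.isAnyTracingEnabled() && _tc.isEventEnabled()) {
                        SibTr.event(_tc, "unable to do LTPA based login", e);
                    }
                }
            }
        }
        if (this._tokenList != null && userSubject != null) {
            String serverIdentity = getSubjectUniqueIdentity(_serverSubject);
            if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                SibTr.debug(_tc, "OAT Identity : " + validatedIdentity + "  Server Identity: " + serverIdentity);
            }
            boolean isHostServer = validatedIdentity != null
                    && (getContextManager().isInternalServerId(validatedIdentity) || validatedIdentity.equals(serverIdentity));
            if (isHostServer) {
                // The token identifies the hosting server itself.
                // NOTE(review): createHostServerSubject() is dereferenced without a null
                // check; confirm it cannot return null.
                result = createHostServerSubject();
                this._userName = result.getUserName();
            } else {
                this._userName = userSubject.getUserName();
                try {
                    result = convertSubject(userSubject, new SIBPrincipal(getUniqueUserName(userSubject), false, true));
                } catch (GeneralSecurityException e2) {
                    FFDCFilter.processException(e2, "com.ibm.ws.sib.security.auth.login.LTPALoginAction.login", "256", this);
                    // Fail closed. _userName keeps the name of the rejected user.
                    result = null;
                }
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "login", result);
        }
        return result;
    }

    /**
     * Returns the user name recorded by the last {@link #login()}.
     *
     * @return the user name, or {@code null} when {@code login()} has not set one
     */
    @Override // com.ibm.ws.sib.security.auth.login.AbstractLoginAction
    public String getUserName() {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "getUserName");
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "getUserName", this._userName);
        }
        return this._userName;
    }

    /**
     * Reads the realm-unique security name from the credential of a subject.
     *
     * @param sIBSubject subject to inspect; may be {@code null}
     * @return the realm-unique security name, or {@code null} when the subject or its
     *         credential is missing, the credential is unauthenticated or not current,
     *         or reading the name fails (the failure is reported through FFDC)
     */
    private String getSubjectUniqueIdentity(SIBSubject sIBSubject) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "getSubjectUniqueIdentity", new Object[]{sIBSubject});
        }
        String uniqueIdentity = null;
        if (sIBSubject != null) {
            WSCredential credential = SubjectHelper.getWSCredentialFromSubject(sIBSubject.getSubject());
            // The null check now precedes the debug trace: the trace used to dereference
            // the credential first and failed with a NullPointerException whenever debug
            // tracing was on and the subject had no credential.
            if (credential != null) {
                if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                    // Label corrected: the value printed is isUnauthenticated().
                    SibTr.debug(_tc, "isUnauthenticated: " + credential.isUnauthenticated() + "  isCurrent: " + credential.isCurrent());
                }
                if (!credential.isUnauthenticated() && credential.isCurrent()) {
                    try {
                        uniqueIdentity = credential.getRealmUniqueSecurityName();
                    } catch (Exception e) {
                        FFDCFilter.processException(e, "com.ibm.ws.sib.security.auth.login.LTPALoginAction.getSubjectUniqueIdentity", "321", this);
                    }
                }
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "getSubjectUniqueIdentity", uniqueIdentity);
        }
        return uniqueIdentity;
    }

    /**
     * @return always {@link LoginType#LTPA}
     */
    @Override // com.ibm.ws.sib.security.auth.login.AbstractLoginAction
    public LoginType getLoginType() {
        return LoginType.LTPA;
    }

    // Resolves the cell name and the hosting server's subject once, at class load.
    static {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(_tc, "<clinit>");
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
            SibTr.debug(_tc, "Source Info: @(#) 1.15 SIB/ws/code/sib.security.impl/src/com/ibm/ws/sib/security/auth/login/LTPALoginAction.java, SIB.security, WAS855.SIB, cf111646.01 09/02/25 07:57:02 [11/14/16 16:16:50]");
        }
        _cellName = AdminServiceFactory.getAdminService().getCellName();
        try {
            _serverSubject = SIBSubjectImpl.create(getContextManager().getServerSubject());
        } catch (WSSecurityException e) {
            // Without a server subject, login() compares token identities against a null
            // server identity, so only isInternalServerId() can select the host-server path.
            if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                SibTr.debug(_tc, "Unable to get Server Subject");
            }
            _serverSubject = null;
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(_tc, "<clinit>");
        }
    }
}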
