package com.ibm.ws.sib.security.auth;

import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.channel.framework.ChainData;
import com.ibm.websphere.channel.framework.ChannelData;
import com.ibm.websphere.management.AdminServiceFactory;
import com.ibm.websphere.security.CustomRegistryException;
import com.ibm.websphere.security.UserRegistry;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.WSSecurityHelper;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.auth.WSPrincipal;
import com.ibm.websphere.sib.mediation.handler.SIMediationHandlerConstants;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.auth.j2c.WSDefaultPrincipalMapping;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.config.UserRegistryConfig;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.util.AuthData;
import com.ibm.ws.sib.admin.JsAdminService;
import com.ibm.ws.sib.admin.JsBus;
import com.ibm.ws.sib.admin.JsPermittedChainUsage;
import com.ibm.ws.sib.admin.SIBExceptionBusNotFound;
import com.ibm.ws.sib.api.jms.StringArrayWrapper;
import com.ibm.ws.sib.jfapchannel.JFapChannelConstants;
import com.ibm.ws.sib.mfp.JsMessage;
import com.ibm.ws.sib.security.BusSecurityAction;
import com.ibm.ws.sib.security.BusSecurityConstants;
import com.ibm.ws.sib.security.BusSecurityExceptionAction;
import com.ibm.ws.sib.security.auth.login.SubjectBasedLoginAction;
import com.ibm.ws.sib.security.impl.BusUtilities;
import com.ibm.ws.sib.utils.SIBVersionInfo;
import com.ibm.ws.sib.utils.Version;
import com.ibm.ws.sib.utils.ras.SibTr;
import com.ibm.wsspi.channel.framework.ChannelFrameworkService;
import com.ibm.wsspi.security.auth.callback.WSCallbackHandlerFactory;
import com.ibm.wsspi.security.token.WSOpaqueTokenHelper;
import com.ibm.wsspi.security.token.WSSecurityPropagationHelper;
import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener;
import java.rmi.RemoteException;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.Queue;
import java.util.Set;
import java.util.concurrent.ConcurrentLinkedQueue;
import javax.security.auth.AuthPermission;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:com/ibm/ws/sib/security/auth/AuthUtilsImpl.class */
public class AuthUtilsImpl implements AuthUtils {
    // Source-control version stamp carried in the compiled class.
    public static final String $sccsid = "@(#) 1.70 SIB/ws/code/sib.security.impl/src/com/ibm/ws/sib/security/auth/AuthUtilsImpl.java, SIB.security, WAS855.SIB, cf111646.01 13/08/18 23:10:23 [11/14/16 15:55:56]";
    // Channel framework service handle; resolved lazily in isPermittedChain(String, String).
    private ChannelFrameworkService _channelFramework;
    // Per-instance cache of bus name -> "is secure" answers, filled by isBusSecure(String).
    // NOTE(review): this is a plain HashMap that isBusSecure reads and writes without
    // synchronization; confirm instances are not shared across threads, and confirm how an
    // entry is invalidated when a bus's security setting changes.
    private Map<String, Boolean> _busSecurityCache = new HashMap();
    // Property-change listeners, held in a concurrent queue.
    private Queue<PropertyChangeListener> _listeners = new ConcurrentLinkedQueue();
    // Trace component shared by the outer class and its anonymous inner classes.
    private static TraceComponent _tc = SibTr.register(AuthUtilsImpl.class, BusSecurityConstants.TRC_GROUP, BusSecurityConstants.MSG_BUNDLE);
    // Class-wide cached subjects. _sibServerSubject is created by initializeSIBServerSubject();
    // _serverSubject and _hostSubject are both assigned by initializeServerSubject().
    private static Subject _sibServerSubject = null;
    private static Subject _serverSubject = null;
    private static Subject _hostSubject = null;
    // Permission that getSIBServerSubject() demands when a SecurityManager is installed.
    private static final AuthPermission GET_SUBJECT_PERM = new AuthPermission(BusSecurityConstants.SIB_GET_SERVER_PERM);

    /* loaded from: input_file:com/ibm/ws/sib/security/auth/AuthUtilsImpl$GetRealmAction.class */
    /**
     * Bus-domain action that reports the realm of the active user registry as a
     * prefix of the form {@code "<realm>/"}.
     *
     * <p>The result falls back to the bare {@code "/"} whenever the security
     * configuration, the active user-registry configuration or the registry
     * implementation cannot be obtained, or when {@code getRealm()} fails. A
     * missing object is only debug-traced and a failed call is recorded through
     * FFDC, so the caller cannot tell a fallback from a real empty realm.
     */
    private static final class GetRealmAction implements BusSecurityAction<String> {
        private static final TraceComponent _innerTc = SibTr.register(GetRealmAction.class, BusSecurityConstants.TRC_GROUP, BusSecurityConstants.MSG_BUNDLE);

        private GetRealmAction() {
        }

        /** Writes {@code message} to the debug trace when debug tracing is enabled. */
        private void traceDebug(String message) {
            if (TraceComponent.isAnyTracingEnabled() && _innerTc.isDebugEnabled()) {
                SibTr.debug(this, _innerTc, message);
            }
        }

        /**
         * Resolves the realm prefix.
         *
         * @return {@code getRealm() + "/"} of the active user registry, or {@code "/"}
         *         when the registry cannot be reached
         */
        @Override
        public String run() {
            if (TraceComponent.isAnyTracingEnabled() && _innerTc.isEntryEnabled()) {
                SibTr.entry(this, _innerTc, "run");
            }
            String realmPrefix = "/";

            // Walk config -> registry config -> registry; every missing link is traced on its own.
            SecurityConfig config = SecurityObjectLocator.getSecurityConfig();
            UserRegistryConfig registryConfig = null;
            if (config == null) {
                traceDebug("The security domain config for the bus cannot be located.");
            } else {
                registryConfig = config.getActiveUserRegistry();
            }

            UserRegistry registry = null;
            if (registryConfig == null) {
                traceDebug("The user registry config cannot be located");
            } else {
                registry = (UserRegistry) registryConfig.getUserRegistryImpl();
            }

            if (registry == null) {
                traceDebug("The user registry cannot be located");
            } else {
                try {
                    realmPrefix = registry.getRealm() + "/";
                } catch (CustomRegistryException registryFailure) {
                    FFDCFilter.processException(registryFailure, "com.ibm.ws.sib.security.auth.AuthUtilsImpl.GetRealmAction.run", "1045", this);
                } catch (RemoteException remoteFailure) {
                    FFDCFilter.processException(remoteFailure, "com.ibm.ws.sib.security.auth.AuthUtilsImpl.GetRealmAction.run", "1049", this);
                }
            }

            if (TraceComponent.isAnyTracingEnabled() && _innerTc.isEntryEnabled()) {
                SibTr.exit(this, _innerTc, "run", realmPrefix);
            }
            return realmPrefix;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Resolves the authentication data registered under {@code str} through
     * {@code WSDefaultPrincipalMapping.getAuthDataInt} and wraps it.
     *
     * <p>NOTE(review): the wrapped result is passed to the exit trace; confirm that
     * the string form of {@code AuthenticationDataImpl} does not expose the
     * credential it carries.
     *
     * @param str name under which the authentication data is registered
     * @return the wrapped data, or {@code null} when the lookup yields nothing
     */
    public AuthenticationData getAuthenticationData(String str) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "getAuthenticationData", str);
        }
        AuthenticationDataImpl wrapped = null;
        AuthData rawData = WSDefaultPrincipalMapping.getAuthDataInt(str);
        if (rawData != null) {
            wrapped = new AuthenticationDataImpl(str, rawData);
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "getAuthenticationData", wrapped);
        }
        return wrapped;
    }

    /**
     * Resolves authentication data for {@code str2}, running the lookup inside the
     * security domain of bus {@code str} when a bus name is supplied.
     *
     * @param str bus whose domain the lookup runs in; {@code null} performs the
     *            lookup directly, outside {@code BusUtilities.doInBusDomain}
     * @param str2 name under which the authentication data is registered
     * @return the authentication data, or {@code null} when none is found
     */
    @Override
    public AuthenticationData getAuthenticationData(String str, final String str2) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "getAuthenticationData", new Object[]{str, str2});
        }
        AuthenticationData found;
        if (str == null) {
            found = getAuthenticationData(str2);
        } else {
            found = (AuthenticationData) BusUtilities.doInBusDomain(str, new BusSecurityAction<AuthenticationData>() {
                @Override
                public AuthenticationData run() {
                    if (TraceComponent.isAnyTracingEnabled() && AuthUtilsImpl._tc.isEntryEnabled()) {
                        SibTr.entry(this, AuthUtilsImpl._tc, "run");
                    }
                    AuthenticationData inDomain = AuthUtilsImpl.this.getAuthenticationData(str2);
                    if (TraceComponent.isAnyTracingEnabled() && AuthUtilsImpl._tc.isEntryEnabled()) {
                        SibTr.exit(this, AuthUtilsImpl._tc, "run", inDomain);
                    }
                    return inDomain;
                }
            });
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "getAuthenticationData", found);
        }
        return found;
    }

    /**
     * Reports whether the transport chain {@code str} may be used with at least one
     * defined bus.
     *
     * <p>The two TCP proxy bridge service chains are accepted without consulting
     * any bus; every other chain is checked against each defined bus in turn until
     * one permits it.
     *
     * @param str transport chain name
     * @return {@code true} when the chain is a bridge chain or some bus permits it
     */
    @Override
    public boolean isPermittedChain(String str) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "isPermittedChain", new Object[]{str});
        }
        boolean permitted = false;
        boolean bridgeChain = JFapChannelConstants.CHAIN_NAME_TCPPROXYBRIDGESERVICE_INBOUND.equals(str) || JFapChannelConstants.CHAIN_NAME_TCPPROXYBRIDGESERVICE_OUTBOUND.equals(str);
        if (bridgeChain) {
            permitted = true;
        } else {
            // Stop at the first bus that accepts the chain.
            Iterator<String> busNames = JsAdminService.getInstance().listDefinedBuses().iterator();
            while (!permitted && busNames.hasNext()) {
                permitted = isPermittedChain(busNames.next(), str);
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "isPermittedChain", Boolean.valueOf(permitted));
        }
        return permitted;
    }

    /**
     * Reports whether transport chain {@code str2} may be used with bus {@code str}.
     *
     * <p>Decision order:
     * <ul>
     *   <li>the two TCP proxy bridge service chains are always permitted, whatever
     *       the bus configuration says;</li>
     *   <li>{@code ALL} permits every chain;</li>
     *   <li>{@code SSL_ENABLED} permits a chain only when one of its channels has a
     *       factory type named {@code CLASS_SSL_CHANNEL_FACTORY}; an unknown chain
     *       or an unavailable channel framework service yields {@code false};</li>
     *   <li>{@code LISTED} permits only chains in the bus's permitted-chain list;</li>
     *   <li>any other usage value, and a bus that cannot be found, yield
     *       {@code false} (the latter is also recorded through FFDC).</li>
     * </ul>
     *
     * @param str bus name
     * @param str2 transport chain name
     * @return {@code true} when the chain is permitted for the bus
     */
    @Override
    public boolean isPermittedChain(String str, String str2) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "isPermittedChain", new Object[]{str, str2});
        }
        boolean permitted = false;
        boolean bridgeChain = JFapChannelConstants.CHAIN_NAME_TCPPROXYBRIDGESERVICE_INBOUND.equals(str2) || JFapChannelConstants.CHAIN_NAME_TCPPROXYBRIDGESERVICE_OUTBOUND.equals(str2);
        if (bridgeChain) {
            permitted = true;
        } else {
            try {
                JsBus bus = JsAdminService.getInstance().getDefinedBus(str);
                JsPermittedChainUsage usage = bus.getPermittedChainUsage();
                if (usage == JsPermittedChainUsage.ALL) {
                    permitted = true;
                } else if (usage == JsPermittedChainUsage.SSL_ENABLED) {
                    if (this._channelFramework == null) {
                        this._channelFramework = (ChannelFrameworkService) JsAdminService.getInstance().getService(ChannelFrameworkService.class);
                    }
                    ChannelFrameworkService framework = this._channelFramework;
                    if (framework == null) {
                        // Without the service the chain cannot be inspected, so it stays denied.
                        if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                            SibTr.debug(_tc, "The channel framework service cannot be found");
                        }
                    } else {
                        ChainData chain = framework.getChain(str2);
                        if (chain != null) {
                            // One SSL channel anywhere in the chain is enough.
                            for (ChannelData channel : chain.getChannelList()) {
                                if (JFapChannelConstants.CLASS_SSL_CHANNEL_FACTORY.equals(channel.getFactoryType().getName())) {
                                    permitted = true;
                                    break;
                                }
                            }
                        }
                    }
                } else if (usage == JsPermittedChainUsage.LISTED) {
                    permitted = bus.getPermittedChains().contains(str2);
                }
            } catch (SIBExceptionBusNotFound busNotFound) {
                FFDCFilter.processException(busNotFound, "com.ibm.ws.sib.security.auth.AuthUtilsImpl.isPermittedChain", SIMediationHandlerConstants.SI_MESSAGE_CONTEXT_IMPL_161, this);
                if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                    SibTr.debug(_tc, "The bus " + str + " could not be found");
                }
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "isPermittedChain", Boolean.valueOf(permitted));
        }
        return permitted;
    }

    /**
     * Returns the class-wide SIB server subject, creating it on first use.
     *
     * <p>When a {@code SecurityManager} is installed the caller must hold
     * {@code GET_SUBJECT_PERM}; the check runs before the subject is created or
     * returned. Creation is serialized on the class lock.
     *
     * @return the shared SIB server subject
     * @throws SecurityException when the permission check fails
     */
    @Override
    public Subject getSIBServerSubject() throws SecurityException {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "getSIBServerSubject");
        }
        SecurityManager installedManager = System.getSecurityManager();
        if (installedManager != null) {
            if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                SibTr.debug(_tc, "Performing Java 2 Security Permission Check ...");
                SibTr.debug(_tc, "Expecting : " + GET_SUBJECT_PERM.toString());
            }
            // Gate: only code granted the permission may obtain the subject.
            installedManager.checkPermission(GET_SUBJECT_PERM);
        }
        synchronized (AuthUtilsImpl.class) {
            if (_sibServerSubject == null) {
                initializeSIBServerSubject();
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "getSIBServerSubject", getTraceString(_sibServerSubject));
        }
        return _sibServerSubject;
    }

    /**
     * Creates the shared SIB server subject and stores it in
     * {@code _sibServerSubject}.
     *
     * <p>The subject is a basic-auth subject for the SIB realm and server name with
     * an empty password, to which a {@code SIBPrincipal} carrying the server name is
     * added. The static field is assigned before the principal is added.
     * NOTE(review): the two {@code true} flags passed to {@code SIBPrincipal} are
     * presumably "authenticated" and "system"; confirm against that class.
     */
    private static void initializeSIBServerSubject() {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(_tc, "initializeSIBServerSubject");
        }
        Subject created = SubjectHelper.createBasicAuthSubject(BusSecurityConstants.SIB_REALM_NAME, BusSecurityConstants.SIB_SERVER_NAME, "");
        _sibServerSubject = created;
        created.getPrincipals().add(new SIBPrincipal(BusSecurityConstants.SIB_SERVER_NAME, true, true));
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(_tc, "initializeSIBServerSubject");
        }
    }

    /**
     * Returns the class-wide host server subject, creating it on first use under
     * the class lock.
     *
     * <p>NOTE(review): unlike {@code getSIBServerSubject()}, this method performs no
     * {@code SecurityManager} permission check before handing out the subject;
     * confirm that this difference is intended.
     *
     * @return the shared host server subject
     * @throws SIBSecurityException when initialization fails
     */
    @Override
    public Subject getServerSubject() throws SIBSecurityException {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "getServerSubject");
        }
        synchronized (AuthUtilsImpl.class) {
            if (_hostSubject == null) {
                try {
                    initializeServerSubject();
                } catch (SIBSecurityException initFailure) {
                    // Trace the failure on the way out, then let the caller see it unchanged.
                    if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
                        SibTr.exit(this, _tc, "getServerSubject", initFailure);
                    }
                    throw initFailure;
                }
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "getServerSubject", getTraceString(_hostSubject));
        }
        return _hostSubject;
    }

    /**
     * Populates the two cached server subjects.
     *
     * <p>{@code _serverSubject} is taken from the context manager first. The host
     * subject is then created inside {@code AccessController.doPrivileged}, stored
     * in {@code _hostSubject}, and given an {@code AuditMetaDataImpl} private
     * credential built from the host id name. Because {@code _serverSubject} is
     * assigned before the privileged action runs, a failure inside the action
     * leaves it set while {@code _hostSubject} is still {@code null}.
     *
     * @throws SIBSecurityException wrapping the {@code WSSecurityException} raised
     *         while obtaining the server subject
     */
    private static void initializeServerSubject() throws SIBSecurityException {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(_tc, "initializeServerSubject");
        }
        try {
            _serverSubject = ContextManagerFactory.getInstance().getServerSubject();
            AccessController.doPrivileged(new PrivilegedAction<Object>() {
                @Override
                public Object run() {
                    if (TraceComponent.isAnyTracingEnabled() && AuthUtilsImpl._tc.isEntryEnabled()) {
                        SibTr.entry(this, AuthUtilsImpl._tc, "run");
                    }
                    AuthUtilsImpl._hostSubject = SubjectBasedLoginAction.createHostServerSubject().getSubject();
                    AuthUtilsImpl._hostSubject.getPrivateCredentials().add(new AuditMetaDataImpl(null, null, null, BusSecurityConstants.HOST_ID_NAME, BusSecurityConstants.HOST_ID_NAME));
                    if (TraceComponent.isAnyTracingEnabled() && AuthUtilsImpl._tc.isEntryEnabled()) {
                        SibTr.exit(this, AuthUtilsImpl._tc, "run", (Object) null);
                    }
                    return null;
                }
            });
            if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
                SibTr.exit(_tc, "initializeServerSubject");
            }
        } catch (WSSecurityException securityFailure) {
            FFDCFilter.processException(securityFailure, "com.ibm.ws.sib.security.auth.AuthUtilsImpl.initializeServerSubject", "463");
            SIBSecurityException wrapped = new SIBSecurityException((Throwable) securityFailure);
            if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
                SibTr.exit(_tc, "initializeServerSubject", wrapped);
            }
            throw wrapped;
        }
    }

    /**
     * Extracts a user name from {@code subject}.
     *
     * <p>The name of the first {@code SIBPrincipal} wins. When the subject has no
     * {@code SIBPrincipal}, the first {@code WSPrincipal}'s name is treated as a
     * unique id and converted with
     * {@code WSSecurityPropagationHelper.getUserFromUniqueID}. The principal's
     * authenticated state is not consulted here, in contrast to
     * {@code getAuthenticatedUserName}.
     *
     * @param subject subject to inspect; may be {@code null}
     * @return the user name, or the empty string when none can be determined
     */
    @Override
    public String getUserName(Subject subject) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "getUserName", getTraceString(subject));
        }
        String userName = null;
        if (subject != null) {
            Iterator<? extends Principal> sibPrincipals = subject.getPrincipals(SIBPrincipal.class).iterator();
            if (sibPrincipals.hasNext()) {
                userName = sibPrincipals.next().getName();
            } else {
                Iterator<? extends Principal> wsPrincipals = subject.getPrincipals(WSPrincipal.class).iterator();
                if (wsPrincipals.hasNext()) {
                    userName = WSSecurityPropagationHelper.getUserFromUniqueID(wsPrincipals.next().getName());
                }
            }
        }
        if (userName == null) {
            userName = "";
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "getUserName", userName);
        }
        return userName;
    }

    /**
     * Reports whether bus {@code str} has security enabled, consulting the
     * per-instance cache first.
     *
     * <p>A bus that cannot be found is reported as secure, and that answer is not
     * cached, so the lookup is repeated on the next call.
     *
     * @param str bus name
     * @return the cached or freshly read security setting; {@code true} when the
     *         bus is unknown
     */
    @Override
    public boolean isBusSecure(String str) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "isBusSecure", str);
        }
        // Default to "secure" so an unknown bus never relaxes the checks that depend on this.
        boolean secure = true;
        if (!this._busSecurityCache.containsKey(str)) {
            try {
                secure = JsAdminService.getInstance().getDefinedBus(str).isSecure();
                this._busSecurityCache.put(str, Boolean.valueOf(secure));
            } catch (SIBExceptionBusNotFound busNotFound) {
                if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                    SibTr.debug(_tc, "There is no bus, so we treat it as secure.");
                }
            }
        } else {
            secure = this._busSecurityCache.get(str).booleanValue();
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "isBusSecure", Boolean.valueOf(secure));
        }
        return secure;
    }

    /**
     * Looks up the security domain name configured for bus {@code str}.
     *
     * @param str bus name
     * @return the bus's domain name, or {@code null} when the bus cannot be found
     *         (the lookup failure is only traced)
     */
    public static String getbusDomainName(String str) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(_tc, "getbusDomainName", str);
        }
        String domainName = null;
        try {
            JsBus bus = JsAdminService.getInstance().getDefinedBus(str);
            domainName = bus.getBusDomainName();
        } catch (SIBExceptionBusNotFound busNotFound) {
            SibTr.exception(_tc, busNotFound);
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(_tc, "getbusDomainName", domainName);
        }
        return domainName;
    }

    /**
     * Reports the value of {@code WSSecurityHelper.isServerSecurityEnabled()}.
     *
     * @return {@code true} when server security is enabled
     */
    @Override
    public boolean isServerSecure() {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "isServerSecure");
        }
        boolean secure = WSSecurityHelper.isServerSecurityEnabled();
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "isServerSecure", Boolean.valueOf(secure));
        }
        return secure;
    }

    /**
     * Reports whether {@code subject} is the cached SIB server subject itself.
     *
     * <p>The test is reference identity against {@code _sibServerSubject}, so a
     * subject that merely carries the server name is rejected. Before the cached
     * subject has been created the answer is always {@code false}.
     *
     * <p>NOTE(review): a rejected subject that claims the SIB server name is
     * reported only when debug tracing is enabled, so such an event leaves no
     * record in normal operation; consider recording it at a level that is always
     * on.
     *
     * @param subject subject to test
     * @return {@code true} only for the cached SIB server subject instance
     */
    @Override
    public boolean isSIBServerSubject(Subject subject) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "isSIBServerSubject", getTraceString(subject));
        }
        boolean genuine = _sibServerSubject != null && subject == _sibServerSubject;
        if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
            if (!genuine && claimsToBeSIBServerSubject(SIBSubjectImpl.create(subject))) {
                SibTr.debug(this, _tc, "We were passed a fake SIB Server subject!", subject);
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "isSIBServerSubject", Boolean.valueOf(genuine));
        }
        return genuine;
    }

    /**
     * Reports whether {@code sIBSubject}'s authenticated user name equals the SIB
     * server name. This is a name comparison only and proves nothing about the
     * subject's origin.
     *
     * @param sIBSubject subject wrapper to inspect
     * @return {@code true} when the names match
     */
    private boolean claimsToBeSIBServerSubject(SIBSubject sIBSubject) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "claimsToBeSIBServerSubject", sIBSubject);
        }
        String claimedName = sIBSubject.getAuthenticatedUserName();
        boolean claimsServerName = BusSecurityConstants.SIB_SERVER_NAME.equals(claimedName);
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "claimsToBeSIBServerSubject", Boolean.valueOf(claimsServerName));
        }
        return claimsServerName;
    }

    /**
     * Reports whether {@code subject} presents itself as the host server.
     *
     * <p>Only the first {@code SIBPrincipal} is examined, and the test is a name
     * comparison against the host id name.
     * NOTE(review): unlike {@code isSIBServerSubject}, there is no identity check
     * against the cached host subject, so this answer is only as trustworthy as the
     * code that can construct a {@code SIBPrincipal}; confirm that untrusted code
     * cannot create one with the host id name.
     *
     * @param subject subject to test; may be {@code null}
     * @return {@code true} when the first {@code SIBPrincipal} is named with the
     *         host id name
     */
    @Override
    public boolean isServerSubject(Subject subject) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "isServerSubject", new Object[]{getTraceString(subject)});
        }
        boolean namedAsHost = false;
        if (subject != null) {
            Set<SIBPrincipal> sibPrincipals = subject.getPrincipals(SIBPrincipal.class);
            if (sibPrincipals != null && !sibPrincipals.isEmpty()) {
                SIBPrincipal first = sibPrincipals.iterator().next();
                namedAsHost = BusSecurityConstants.HOST_ID_NAME.equals(first.getName());
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "isServerSubject", Boolean.valueOf(namedAsHost));
        }
        return namedAsHost;
    }

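    /**
     * Reports whether {@code jsMessage} was sent by the SIB server.
     *
     * <p>Two conditions must both hold: the message's security user id equals the
     * SIB server name, and the message is flagged as having had that id set by the
     * system. The name alone is never sufficient, which stops a client that simply
     * uses the server's name from being treated as the server.
     *
     * <p>A {@code null} message yields {@code false} rather than a
     * {@code NullPointerException}, in line with the null handling of the other
     * message accessors in this class.
     *
     * @param jsMessage message to inspect; may be {@code null}
     * @return {@code true} only for a system-stamped message carrying the SIB
     *         server name
     */
    @Override
    public boolean sentBySIBServer(JsMessage jsMessage) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "sentBySIBServer", getTraceString(jsMessage));
        }
        boolean z = false;
        // Treat a missing message like a missing user id: it cannot have come from the system.
        String securityUserid = jsMessage != null ? jsMessage.getSecurityUserid() : null;
        if (securityUserid != null && securityUserid.equals(BusSecurityConstants.SIB_SERVER_NAME)) {
            z = jsMessage.isSecurityUseridSentBySystem();
            if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                SibTr.debug(_tc, z ? "message sent by SIB Server" : "message not sent by SIB Server");
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "sentBySIBServer", Boolean.valueOf(z));
        }
        return z;
    }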

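    /**
     * Reports whether {@code jsMessage} was sent by the host server.
     *
     * <p>Two conditions must both hold: the message's security user id equals the
     * host id name, and the message is flagged as having had that id set by the
     * system. The name alone is never sufficient.
     *
     * <p>A {@code null} message yields {@code false} rather than a
     * {@code NullPointerException}, in line with the null handling of the other
     * message accessors in this class.
     *
     * @param jsMessage message to inspect; may be {@code null}
     * @return {@code true} only for a system-stamped message carrying the host id
     *         name
     */
    @Override
    public boolean sentByHostServer(JsMessage jsMessage) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "sentByHostServer", getTraceString(jsMessage));
        }
        boolean z = false;
        // Treat a missing message like a missing user id: it cannot have come from the system.
        String securityUserid = jsMessage != null ? jsMessage.getSecurityUserid() : null;
        if (securityUserid != null && securityUserid.equals(BusSecurityConstants.HOST_ID_NAME)) {
            z = jsMessage.isSecurityUseridSentBySystem();
            if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                SibTr.debug(_tc, z ? "message sent by Host Server" : "message not sent by Host Server");
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "sentByHostServer", Boolean.valueOf(z));
        }
        return z;
    }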

    /**
     * Returns the name of {@code subject}'s first {@code SIBPrincipal}, but only
     * when that principal reports itself as authenticated.
     *
     * <p>A subject with no {@code SIBPrincipal} at all is recorded through FFDC,
     * identified by the hex form of its hash code.
     *
     * @param subject subject to inspect; may be {@code null}
     * @return the authenticated user name, or the empty string when the subject is
     *         {@code null}, has no {@code SIBPrincipal}, or its principal is not
     *         authenticated
     */
    public String getAuthenticatedUserName(Subject subject) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "getAuthenticatedUserName", getTraceString(subject));
        }
        String userName = null;
        if (subject != null) {
            Iterator<SIBPrincipal> sibPrincipals = subject.getPrincipals(SIBPrincipal.class).iterator();
            if (sibPrincipals.hasNext()) {
                SIBPrincipal first = sibPrincipals.next();
                // An unauthenticated principal contributes no name.
                if (first.isAuthenticated()) {
                    userName = first.getName();
                }
            } else {
                FFDCFilter.processException(new Exception("Unable to find a user name in subject " + Integer.toHexString(subject.hashCode())), "com.ibm.ws.sib.security.auth.AuthUtilsImpl.getAuthenticatedUserName", "453", this);
            }
        }
        if (userName == null) {
            userName = "";
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "getAuthenticatedUserName", userName);
        }
        return userName;
    }

    /**
     * Produces the text used to identify a message in trace output.
     *
     * @param jsMessage message to describe; may be {@code null}
     * @return the message's system message id, or {@code "<null>"}
     */
    public String getTraceString(JsMessage jsMessage) {
        if (jsMessage == null) {
            return "<null>";
        }
        return jsMessage.getSystemMessageId();
    }

    /**
     * Produces the text used to identify a subject in trace output. Only the hash
     * code is emitted, so no principal or credential content reaches the trace.
     *
     * @param subject subject to describe; may be {@code null}
     * @return {@code "Subject hashcode=0x<hex>"}, or {@code "<null>"}
     */
    public String getTraceString(Subject subject) {
        if (subject == null) {
            return "<null>";
        }
        return "Subject hashcode=0x" + Integer.toHexString(subject.hashCode());
    }

    /**
     * Builds an opaque authorization token for {@code subject}.
     *
     * <p>When global security is disabled the result is an empty array. Otherwise
     * the subject the token is built from is chosen as follows:
     * <ul>
     *   <li>a subject that {@code isServerSubject} accepts is replaced by the cached
     *       {@code _serverSubject};</li>
     *   <li>the cached SIB server subject is replaced by a subject obtained from a
     *       {@code system.DEFAULT} login that asserts a "SIBServer" identity built
     *       from the cell name and bus name;</li>
     *   <li>any other subject is used as passed in.</li>
     * </ul>
     *
     * @param str bus name; used for the realm lookup and as part of the asserted identity
     * @param version compared with the MULTI_DOMAIN version to decide whether the
     *        asserted identity is prefixed with the registry realm
     * @param subject subject to build the token for
     * @return the token bytes, or an empty array when global security is disabled
     * @throws SIBSecurityException when token creation fails with a WSLoginFailedException
     */
    @Override // com.ibm.ws.sib.security.auth.AuthUtils
    public byte[] getOpaqueAuthorizationToken(String str, Version version, Subject subject) throws SIBSecurityException {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "getOpaqueAuthorizationToken", new Object[]{str, version, getTraceString(subject)});
        }
        byte[] bArr = new byte[0];
        if (WSSecurityHelper.isGlobalSecurityEnabled()) {
            if (isServerSubject(subject)) {
                // NOTE(review): isServerSubject() matches on principal name only, yet a match here
                // swaps the caller's subject for the cached server subject. Confirm that untrusted
                // code cannot construct a SIBPrincipal carrying the host id name.
                // NOTE(review): _serverSubject is assigned only by initializeServerSubject(); it is
                // still null here if that has not run. Confirm callers guarantee initialization.
                subject = _serverSubject;
            } else if (isSIBServerSubject(subject)) {
                // The realm prefix is included only when `version` is at or above the MULTI_DOMAIN version.
                String str2 = SIBVersionInfo.MULTI_DOMAIN.getVersion().compareTo(version) <= 0 ? (String) BusUtilities.doInBusDomain(str, new GetRealmAction()) : "";
                String cellName = AdminServiceFactory.getAdminService().getCellName();
                // Identity-assertion attributes: unique id and security name carry the same value.
                Hashtable hashtable = new Hashtable();
                hashtable.put("com.ibm.wsspi.security.cred.uniqueId", str2 + "SIBServer:" + cellName + StringArrayWrapper.BUS_SEPARATOR + str);
                hashtable.put("com.ibm.wsspi.security.cred.securityName", str2 + "SIBServer:" + cellName + StringArrayWrapper.BUS_SEPARATOR + str);
                subject = new Subject();
                subject.getPublicCredentials().add(hashtable);
                try {
                    // The login is driven by the Hashtable credential above; the callback handler
                    // is given a user name and a null password.
                    LoginContext loginContext = new LoginContext("system.DEFAULT", subject, WSCallbackHandlerFactory.getInstance().getCallbackHandler("what", (String) null));
                    loginContext.login();
                    subject = loginContext.getSubject();
                } catch (LoginException e) {
                    // NOTE(review): a failed login is only recorded (FFDC plus an event trace).
                    // `subject` then still refers to the fresh Subject holding nothing but the
                    // Hashtable, and token creation below proceeds with it. Confirm that
                    // createOpaqueTokenFromSubject rejects such a subject, or fail here instead.
                    FFDCFilter.processException(e, "com.ibm.ws.sib.security.auth.AuthUtilsImpl.getOpaqueAuthorizationToken", "929", this);
                    if (TraceComponent.isAnyTracingEnabled() && _tc.isEventEnabled()) {
                        SibTr.event(_tc, "Unable to create SIB Server subject for bus " + str, e);
                    }
                }
            }
            try {
                bArr = WSOpaqueTokenHelper.getInstance().createOpaqueTokenFromSubject(subject);
            } catch (WSLoginFailedException e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.sib.security.auth.AuthUtilsImpl.getOpaqueAuthorizationToken", "647", this);
                SIBSecurityException sIBSecurityException = new SIBSecurityException((Throwable) e2);
                if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
                    SibTr.exit(this, _tc, "getOpaqueAuthorizationToken", sIBSecurityException);
                }
                throw sIBSecurityException;
            }
        }
        // NOTE(review): the token bytes themselves are handed to the exit trace; confirm how
        // SibTr renders a byte[] and whether token content can end up in trace files.
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "getOpaqueAuthorizationToken", bArr);
        }
        return bArr;
    }

    /**
     * Reads the security user id stored in {@code jsMessage}.
     *
     * @param jsMessage message to read; may be {@code null}
     * @return the stored user id, or the empty string when the message is
     *         {@code null} or carries no id
     */
    @Override
    public String getSecurityIDFromMessage(JsMessage jsMessage) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "getSecurityIDFromMessage", getTraceString(jsMessage));
        }
        String userId = "";
        if (jsMessage != null) {
            String stored = jsMessage.getSecurityUserid();
            if (stored != null) {
                userId = stored;
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "getSecurityIDFromMessage", userId);
        }
        return userId;
    }

    /**
     * Stamps {@code jsMessage} with the user id {@code str2}, given as plain text.
     *
     * <p>On a secure bus the id is written when it differs from the one already in
     * the message, and the "sent by system" flag is always cleared: an id supplied
     * as a string never earns system status, even when it equals a server name.
     * On a non-secure bus both the id and the flag are cleared.
     *
     * @param str bus name, used to decide whether the bus is secure
     * @param str2 user id to record; may be {@code null}
     * @param jsMessage message to stamp; {@code null} is ignored
     */
    @Override
    public void setSecurityIDInMessage(String str, String str2, JsMessage jsMessage) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "setSecurityIDInMessage", new Object[]{str, str2, getTraceString(jsMessage)});
        }
        if (jsMessage != null) {
            if (!isBusSecure(str)) {
                jsMessage.setSecurityUserid(null);
                jsMessage.setSecurityUseridSentBySystem(false);
            } else {
                String currentId = jsMessage.getSecurityUserid();
                boolean idDiffers = currentId == null ? str2 != null : !currentId.equals(str2);
                if (idDiffers) {
                    if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                        SibTr.debug(_tc, "setting userId '" + str2 + "' in message");
                    }
                    jsMessage.setSecurityUserid(str2);
                } else if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                    SibTr.debug(_tc, "userId '" + str2 + "' is already in message, not changing it");
                }
                // Drop any system marking left over from an earlier stamp.
                if (jsMessage.isSecurityUseridSentBySystem()) {
                    jsMessage.setSecurityUseridSentBySystem(false);
                }
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(_tc, "setSecurityIDInMessage");
        }
    }

    /**
     * Stamps {@code jsMessage} with the identity held by {@code subject}.
     *
     * <p>On a secure bus the message receives the subject's authenticated user
     * name, a "sent by system" flag that is set only when the subject is accepted
     * by {@code isSIBServerSubject} or {@code isServerSubject}, and, when the
     * subject carries audit metadata, the audit session id. On a non-secure bus
     * both the id and the flag are cleared.
     *
     * <p>NOTE(review): the system flag inherits the strength of
     * {@code isServerSubject}, which compares a principal name rather than subject
     * identity.
     *
     * @param str bus name, used to decide whether the bus is secure
     * @param subject subject whose identity is recorded
     * @param jsMessage message to stamp; {@code null} is ignored
     */
    @Override
    public void setSecurityIDInMessage(String str, Subject subject, JsMessage jsMessage) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "setSecurityIDInMessage", new Object[]{str, getTraceString(subject), getTraceString(jsMessage)});
        }
        if (jsMessage != null) {
            if (!isBusSecure(str)) {
                jsMessage.setSecurityUserid(null);
                jsMessage.setSecurityUseridSentBySystem(false);
            } else {
                String userName = getAuthenticatedUserName(subject);
                boolean sentBySystem = isSIBServerSubject(subject) || isServerSubject(subject);
                if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                    if (isSIBServerSubject(subject)) {
                        SibTr.debug(_tc, "SIB Server ID set into message " + jsMessage.getSystemMessageId());
                    } else if (isServerSubject(subject)) {
                        SibTr.debug(_tc, "Host Server ID set into message " + jsMessage.getSystemMessageId());
                    } else {
                        SibTr.debug(_tc, "user name '" + userName + "' set into message " + jsMessage.getSystemMessageId());
                    }
                }
                jsMessage.setSecurityUserid(userName);
                jsMessage.setSecurityUseridSentBySystem(sentBySystem);
                // Carry the audit session id across when the subject has audit metadata.
                AuditMetaData auditData = getAuditMetaDataFromSubject(SIBSubjectImpl.create(subject));
                if (auditData != null) {
                    jsMessage.setAuditSessionId(auditData.getSessionID());
                }
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "setSecurityIDInMessage");
        }
    }

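    /**
     * Looks up the audit metadata carried in a subject's private credentials.
     *
     * <p>The read goes through {@link AccessController#doPrivileged}, and the privileged block holds nothing
     * but the single {@code getPrivateCredentials(AuditMetaData.class)} call on the subject passed in.
     *
     * <p>When the subject carries more than one {@code AuditMetaData} credential, the one returned is whichever
     * the set's iterator yields first; this method imposes no ordering of its own.
     *
     * @param sIBSubject subject to inspect; may be {@code null}
     * @return an {@code AuditMetaData} private credential of the subject, or {@code null} when the subject is
     *         {@code null} or carries none
     */
    private static AuditMetaData getAuditMetaDataFromSubject(final SIBSubject sIBSubject) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(_tc, "getAuditMetaDataFromSubject", sIBSubject);
        }
        AuditMetaData auditMetaData = null;
        if (sIBSubject != null) {
            Set<AuditMetaData> credentials = AccessController.doPrivileged(new PrivilegedAction<Set<AuditMetaData>>() { // from class: com.ibm.ws.sib.security.auth.AuthUtilsImpl.3
                @Override // java.security.PrivilegedAction
                public Set<AuditMetaData> run() {
                    if (TraceComponent.isAnyTracingEnabled() && AuthUtilsImpl._tc.isEntryEnabled()) {
                        SibTr.entry(this, AuthUtilsImpl._tc, "run");
                    }
                    // Read through the captured final parameter. The decompiled form "SIBSubject.this" is not
                    // valid here, because SIBSubject is not an enclosing class of this anonymous action.
                    Set<AuditMetaData> privateCredentials = sIBSubject.getPrivateCredentials(AuditMetaData.class);
                    if (TraceComponent.isAnyTracingEnabled() && AuthUtilsImpl._tc.isEntryEnabled()) {
                        SibTr.exit(this, AuthUtilsImpl._tc, "run", privateCredentials);
                    }
                    return privateCredentials;
                }
            });
            if (!credentials.isEmpty()) {
                auditMetaData = credentials.iterator().next();
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(_tc, "getAuditMetaDataFromSubject", auditMetaData);
        }
        return auditMetaData;
    }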

    /**
     * Tells every registered listener that the "permittedChains" property has changed.
     *
     * <p>The event carries {@code null} for both the old and the new value, so a listener has to re-read
     * whatever state it derives from the permitted chains. Listeners are called one after another with no
     * exception handling around the call: if one throws, the remaining listeners are not notified.
     * NOTE(review): the type of {@code _listeners} is not visible here - confirm it tolerates a listener
     * being added or removed while this loop runs.
     *
     * @param str name of the bus that changed; used only in the entry trace
     */
    public void busChanged(String str) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "busChanged", str);
        }
        final PropertyChangeEvent permittedChainsChanged = new PropertyChangeEvent(this, "permittedChains", null, null);
        for (PropertyChangeListener listener : this._listeners) {
            listener.propertyChange(permittedChainsChanged);
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "busChanged");
        }
    }

    /**
     * Registers a listener in {@code _listeners}, the collection that {@code busChanged} iterates when it
     * announces a "permittedChains" change.
     *
     * <p>The argument is passed to the collection as it is; no null or duplicate check is made here.
     *
     * @param propertyChangeListener listener to register
     */
    @Override // com.ibm.ws.sib.security.auth.AuthUtils
    public void addPropertyChangeListener(PropertyChangeListener propertyChangeListener) {
        if (TraceComponent.isAnyTracingEnabled()) {
            if (_tc.isEntryEnabled()) {
                SibTr.entry(this, _tc, "addPropertyChangeListener", propertyChangeListener);
            }
        }
        _listeners.add(propertyChangeListener);
        if (TraceComponent.isAnyTracingEnabled()) {
            if (_tc.isEntryEnabled()) {
                SibTr.exit(this, _tc, "addPropertyChangeListener");
            }
        }
    }

    /**
     * Removes a listener from {@code _listeners}, so that {@code busChanged} no longer notifies it.
     *
     * <p>The method name keeps the spelling declared by the {@code AuthUtils} interface.
     *
     * @param propertyChangeListener listener to remove
     */
    @Override // com.ibm.ws.sib.security.auth.AuthUtils
    public void removePropertyChangeListner(PropertyChangeListener propertyChangeListener) {
        if (TraceComponent.isAnyTracingEnabled()) {
            if (_tc.isEntryEnabled()) {
                SibTr.entry(this, _tc, "removePropertyChangeListner", propertyChangeListener);
            }
        }
        _listeners.remove(propertyChangeListener);
        if (TraceComponent.isAnyTracingEnabled()) {
            if (_tc.isEntryEnabled()) {
                SibTr.exit(this, _tc, "removePropertyChangeListner");
            }
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Runs an action through {@code ContextManagerFactory.getInstance().runAsSystem(...)} and returns its result.
     *
     * <p>A {@link PrivilegedActionException} from that call is handed to FFDC and is not rethrown. The method
     * then returns {@code null}, which is also what it returns when the action itself yields {@code null};
     * the two cases cannot be told apart from the return value. A caller that bases an access decision on
     * the result should therefore treat {@code null} as a failure.
     *
     * <p>NOTE(review): presumably the action executes under the server's own identity rather than the
     * caller's - confirm against {@code ContextManager.runAsSystem}; if so, only fixed, trusted actions
     * should be passed in.
     *
     * @param busSecurityAction action to run
     * @param <T> type of the action's result
     * @return the action's result, or {@code null} when the action failed with a {@code PrivilegedActionException}
     */
    @Override // com.ibm.ws.sib.security.auth.AuthUtils
    public <T> T runAsSystem(final BusSecurityAction<T> busSecurityAction) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "runAsSystem", busSecurityAction);
        }
        // Adapter that lets the bus action be handed to the context manager.
        final PrivilegedExceptionAction<T> systemAction = new PrivilegedExceptionAction<T>() { // from class: com.ibm.ws.sib.security.auth.AuthUtilsImpl.4
            @Override // java.security.PrivilegedExceptionAction
            public T run() throws Exception {
                if (TraceComponent.isAnyTracingEnabled() && AuthUtilsImpl._tc.isEntryEnabled()) {
                    SibTr.entry(this, AuthUtilsImpl._tc, "run");
                }
                T outcome = (T) busSecurityAction.run();
                if (TraceComponent.isAnyTracingEnabled() && AuthUtilsImpl._tc.isEntryEnabled()) {
                    SibTr.exit(this, AuthUtilsImpl._tc, "run", outcome);
                }
                return outcome;
            }
        };
        T result = null;
        try {
            result = ContextManagerFactory.getInstance().runAsSystem(systemAction);
        } catch (PrivilegedActionException failure) {
            // Recorded for diagnosis only; the caller sees a null result.
            FFDCFilter.processException(failure, "com.ibm.ws.sib.security.auth.AuthUtilsImpl.runAsSystem", "1414", this);
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "runAsSystem", result);
        }
        return result;
    }

    /**
     * Runs an action through {@code ContextManagerFactory.getInstance().runAsSystem(...)} and returns its
     * result, passing the action's own exception on to the caller.
     *
     * <p>Unlike the {@code BusSecurityAction} overload, a failure is not swallowed: the exception wrapped in
     * the {@link PrivilegedActionException} is unwrapped and rethrown.
     *
     * <p>NOTE(review): presumably the action executes under the server's own identity rather than the
     * caller's - confirm against {@code ContextManager.runAsSystem}; if so, only fixed, trusted actions
     * should be passed in.
     *
     * @param busSecurityExceptionAction action to run
     * @param <T> type of the action's result
     * @param <E> exception type the action declares
     * @return the action's result
     * @throws Exception the exception carried by the {@code PrivilegedActionException}, unwrapped
     */
    @Override // com.ibm.ws.sib.security.auth.AuthUtils
    public <T, E extends Exception> T runAsSystem(final BusSecurityExceptionAction<T, E> busSecurityExceptionAction) throws Exception {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "runAsSystem", busSecurityExceptionAction);
        }
        try {
            T t = (T) ContextManagerFactory.getInstance().runAsSystem(new PrivilegedExceptionAction<T>() { // from class: com.ibm.ws.sib.security.auth.AuthUtilsImpl.5
                @Override // java.security.PrivilegedExceptionAction
                public T run() throws Exception {
                    if (TraceComponent.isAnyTracingEnabled() && AuthUtilsImpl._tc.isEntryEnabled()) {
                        SibTr.entry(this, AuthUtilsImpl._tc, "run");
                    }
                    T t2 = (T) busSecurityExceptionAction.run();
                    if (TraceComponent.isAnyTracingEnabled() && AuthUtilsImpl._tc.isEntryEnabled()) {
                        SibTr.exit(this, AuthUtilsImpl._tc, "run", t2);
                    }
                    return t2;
                }
            });
            if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
                SibTr.exit(this, _tc, "runAsSystem", t);
            }
            return t;
        } catch (PrivilegedActionException e) {
            // Unwrap, so the caller sees the action's own exception instead of the wrapper.
            try {
                Exception exception = e.getException();
                if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
                    SibTr.exit(this, _tc, "runAsSystem", exception);
                }
                throw exception;
            } catch (ClassCastException e2) {
                // NOTE(review): in this decompiled form nothing in the try block performs a cast, so this
                // handler looks unreachable; presumably the original source cast the exception to E -
                // confirm against the original before relying on this path.
                FFDCFilter.processException(e.getException(), "com.ibm.ws.sib.security.auth.AuthUtilsImpl.runAsSystem", "1453", this);
                // Keep the action's exception attached as the cause of the ClassCastException.
                e2.initCause(e.getException());
                if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
                    SibTr.exit(this, _tc, "runAsSystem", e2);
                }
                throw e2;
            }
        }
    }

    // Class initialiser: writes the source-control identification of this file to the debug trace.
    static {
        if (TraceComponent.isAnyTracingEnabled()) {
            if (_tc.isDebugEnabled()) {
                SibTr.debug(_tc, "Source Info: @(#) 1.70 SIB/ws/code/sib.security.impl/src/com/ibm/ws/sib/security/auth/AuthUtilsImpl.java, SIB.security, WAS855.SIB, cf111646.01 13/08/18 23:10:23 [11/14/16 15:55:56]");
            }
        }
    }
}
