package com.ibm.ws.sib.security.impl;

import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.AdminServiceFactory;
import com.ibm.websphere.security.CustomRegistryException;
import com.ibm.websphere.security.UserRegistry;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.sib.api.jms.StringArrayWrapper;
import com.ibm.ws.sib.comms.ConnectionMetaData;
import com.ibm.ws.sib.security.BusSecurityAction;
import com.ibm.ws.sib.security.BusSecurityConstants;
import com.ibm.ws.sib.security.MessagingEngineIdentity;
import com.ibm.ws.sib.security.TokenFormat;
import com.ibm.ws.sib.security.auth.AuditLogger;
import com.ibm.ws.sib.security.auth.AuditMetaDataImpl;
import com.ibm.ws.sib.security.auth.AuthUtilsFactory;
import com.ibm.ws.sib.security.auth.LoginType;
import com.ibm.ws.sib.security.auth.SIBSecurityException;
import com.ibm.ws.sib.utils.SIBUuid8;
import com.ibm.ws.sib.utils.SIBVersionInfo;
import com.ibm.ws.sib.utils.ras.SibTr;
import com.ibm.wsspi.security.auth.callback.WSCallbackHandlerFactory;
import com.ibm.wsspi.security.token.TokenHolder;
import com.ibm.wsspi.security.token.WSOpaqueTokenHelper;
import com.ibm.wsspi.security.token.WSSecurityPropagationHelper;
import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.ListIterator;
import javax.security.auth.Subject;
import javax.security.auth.login.CredentialExpiredException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:com/ibm/ws/sib/security/impl/MessagingEngineIdentityImpl.class */
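/**
 * Identity of a messaging engine (bus name, engine name, UUID and version) that can be
 * serialized into an opaque authorization token with {@link #toBytes(TokenFormat)} and
 * rebuilt from such a token with
 * {@link #fromBytes(TokenFormat, byte[], String, ConnectionMetaData)}.
 *
 * <p>The receiving side accepts an identity only when the embedded LTPA token validates and
 * the credential attributes (cell, bus, engine) agree with both the validated token user and
 * the local cell. Every other outcome yields {@code null} and an authentication-failed
 * audit record.
 *
 * <p>Instances are immutable once constructed.
 */
public class MessagingEngineIdentityImpl implements MessagingEngineIdentity {
    private static final TraceComponent _tc = SibTr.register(MessagingEngineIdentityImpl.class, BusSecurityConstants.TRC_GROUP, BusSecurityConstants.MSG_BUNDLE);
    public static final String $sccsid = "@(#) 1.13 SIB/ws/code/sib.security.impl/src/com/ibm/ws/sib/security/impl/MessagingEngineIdentityImpl.java, SIB.security, WAS855.SIB, cf111646.01 10/08/26 10:27:12 [11/14/16 16:16:32]";

    // Keys of the custom credential attributes carried inside the login Hashtable / WSCredential.
    private static final String CELL_NAME = "CELL_NAME";
    private static final String BUS_NAME = "BUS_NAME";
    private static final String ME_NAME = "ME_NAME";
    private static final String ME_UUID = "ME_UUID";
    private static final String ME_VERSION = "ME_VERSION";

    // Mechanism OID passed to ContextManager.login() together with the LTPA token bytes.
    private static final String LTPA_OID = "oid:1.3.18.0.2.30.2";

    // Name of the token holder that carries the LTPA token inside the opaque token.
    private static final String LTPA_TOKEN_HOLDER_NAME = "LtpaToken";

    // Local cell name, resolved once in the static initializer at the end of the class.
    private static final String _cellName;

    private final String _busName;
    private final String _engineName;
    private final SIBUuid8 _engineUUID;
    private final String _engineVersion;

    /**
     * Creates an identity from its four components.
     *
     * @param str      bus name
     * @param str2     messaging engine name
     * @param sIBUuid8 messaging engine UUID
     * @param str3     messaging engine version
     */
    public MessagingEngineIdentityImpl(String str, String str2, SIBUuid8 sIBUuid8, String str3) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "MessagingEngineIdentityImpl", new Object[]{str, str2, sIBUuid8, str3});
        }
        this._busName = str;
        this._engineName = str2;
        this._engineUUID = sIBUuid8;
        this._engineVersion = str3;
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "MessagingEngineIdentityImpl", this);
        }
    }

    /** @return the messaging engine name */
    @Override // com.ibm.ws.sib.security.MessagingEngineIdentity
    public String getName() {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "getName");
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "getName", this._engineName);
        }
        return this._engineName;
    }

    /** @return the messaging engine UUID */
    @Override // com.ibm.ws.sib.security.MessagingEngineIdentity
    public SIBUuid8 getUuid() {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "getUuid");
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "getUuid", this._engineUUID);
        }
        return this._engineUUID;
    }

    /** @return the name of the bus this engine belongs to */
    @Override // com.ibm.ws.sib.security.MessagingEngineIdentity
    public String getBusName() {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "getBusName");
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "getBusName", this._busName);
        }
        return this._busName;
    }

    /** @return the messaging engine version */
    @Override // com.ibm.ws.sib.security.MessagingEngineIdentity
    public String getVersion() {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "getVersion");
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "getVersion", this._engineVersion);
        }
        return this._engineVersion;
    }

    /**
     * Serializes this identity into an opaque authorization token, running the work inside
     * the security domain of this identity's bus.
     *
     * @param tokenFormat requested format; only traced here, the token is produced the same
     *                    way whatever value is passed
     * @return the token bytes, or {@code null} when the token could not be created
     */
    @Override // com.ibm.ws.sib.security.MessagingEngineIdentity
    public byte[] toBytes(TokenFormat tokenFormat) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "toBytes", tokenFormat);
        }
        byte[] bArr = (byte[]) BusUtilities.doInBusDomain(this._busName, new BusSecurityAction<byte[]>() { // from class: com.ibm.ws.sib.security.impl.MessagingEngineIdentityImpl.1
            @Override // com.ibm.ws.sib.security.BusSecurityAction
            public byte[] run() {
                if (TraceComponent.isAnyTracingEnabled() && MessagingEngineIdentityImpl._tc.isEntryEnabled()) {
                    SibTr.entry(this, MessagingEngineIdentityImpl._tc, "run");
                }
                byte[] bytesInDomain = MessagingEngineIdentityImpl.this.toBytesInDomain();
                if (TraceComponent.isAnyTracingEnabled() && MessagingEngineIdentityImpl._tc.isEntryEnabled()) {
                    SibTr.exit(this, MessagingEngineIdentityImpl._tc, "run", bytesInDomain);
                }
                return bytesInDomain;
            }
        });
        // NOTE(review): the freshly minted token bytes are handed to exit trace here and in run();
        // confirm SibTr does not render their content, since the token is a bearer credential.
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "toBytes", bArr);
        }
        return bArr;
    }

    /**
     * Rebuilds a messaging engine identity from an opaque authorization token received from a
     * peer, running the validation inside the security domain of the expected bus.
     *
     * @param tokenFormat        format of {@code bArr}; anything other than
     *                           {@link TokenFormat#LTPA} is rejected
     * @param bArr               opaque token bytes supplied by the peer (untrusted input)
     * @param str                name of the bus the peer is expected to belong to
     * @param connectionMetaData connection details used for the audit record
     * @return the validated identity, or {@code null} when the format is not LTPA, the bytes
     *         are {@code null}, or validation fails
     */
    public static MessagingEngineIdentity fromBytes(TokenFormat tokenFormat, final byte[] bArr, final String str, final ConnectionMetaData connectionMetaData) {
        // NOTE(review): the raw peer-supplied token is passed to entry trace; confirm SibTr does
        // not render byte[] content before enabling entry trace on shared systems.
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(_tc, "fromBytes", new Object[]{tokenFormat, bArr, str, connectionMetaData});
        }
        MessagingEngineIdentity messagingEngineIdentity = null;
        if (tokenFormat == TokenFormat.LTPA && bArr != null) {
            messagingEngineIdentity = (MessagingEngineIdentity) BusUtilities.doInBusDomain(str, new BusSecurityAction<MessagingEngineIdentity>() { // from class: com.ibm.ws.sib.security.impl.MessagingEngineIdentityImpl.2
                @Override // com.ibm.ws.sib.security.BusSecurityAction
                public MessagingEngineIdentity run() {
                    if (TraceComponent.isAnyTracingEnabled() && MessagingEngineIdentityImpl._tc.isEntryEnabled()) {
                        SibTr.entry(this, MessagingEngineIdentityImpl._tc, "run");
                    }
                    MessagingEngineIdentity fromBytesInDomain = MessagingEngineIdentityImpl.fromBytesInDomain(bArr, str, connectionMetaData);
                    if (TraceComponent.isAnyTracingEnabled() && MessagingEngineIdentityImpl._tc.isEntryEnabled()) {
                        SibTr.exit(this, MessagingEngineIdentityImpl._tc, "run", fromBytesInDomain);
                    }
                    return fromBytesInDomain;
                }
            });
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(_tc, "fromBytes", messagingEngineIdentity);
        }
        return messagingEngineIdentity;
    }

    /**
     * Creates the opaque authorization token for this identity. Intended to be called from
     * within the bus security domain (see {@link #toBytes(TokenFormat)}); the decompiler
     * reports that this method was private in the original source.
     *
     * <p>The method logs in a new {@link Subject} whose public credentials hold a Hashtable
     * of identity attributes, then asks the auth utilities for the token of the logged-in
     * subject. Registry, login and token failures are reported to FFDC and event trace and
     * result in {@code null}.
     *
     * @return the token bytes, or {@code null} on failure
     */
    public byte[] toBytesInDomain() {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "toBytesInDomain");
        }
        byte[] bArr = null;
        try {
            // Synthetic user id: <realm>/SIBServer:<cell><sep><bus><sep><engine>. The receiving
            // side rebuilds the same string and compares it with the validated token user.
            String userId = ((UserRegistry) SecurityObjectLocator.getSecurityConfig().getActiveUserRegistry().getUserRegistryImpl()).getRealm() + "/SIBServer:" + _cellName + StringArrayWrapper.BUS_SEPARATOR + this._busName + StringArrayWrapper.BUS_SEPARATOR + this._engineName;
            // Hashtable rejects null keys and values, so a null identity field surfaces here
            // as a NullPointerException rather than as a token with a missing attribute.
            Hashtable<String, String> credentialAttributes = new Hashtable<>();
            credentialAttributes.put("com.ibm.wsspi.security.cred.uniqueId", userId);
            credentialAttributes.put("com.ibm.wsspi.security.cred.securityName", userId);
            credentialAttributes.put(CELL_NAME, _cellName);
            credentialAttributes.put(BUS_NAME, this._busName);
            credentialAttributes.put(ME_NAME, this._engineName);
            credentialAttributes.put(ME_UUID, this._engineUUID.toString());
            credentialAttributes.put(ME_VERSION, this._engineVersion);
            Subject subject = new Subject();
            subject.getPublicCredentials().add(credentialAttributes);
            LoginContext loginContext = new LoginContext("system.DEFAULT", subject, WSCallbackHandlerFactory.getInstance().getCallbackHandler("what", (String) null));
            loginContext.login();
            bArr = AuthUtilsFactory.getInstance().getAuthUtils().getOpaqueAuthorizationToken(this._busName, SIBVersionInfo.LTPA_ME_CONNECT.getVersion(), loginContext.getSubject());
        } catch (CustomRegistryException e) {
            FFDCFilter.processException(e, "com.ibm.ws.sib.security.impl.MessagingEngineIdentityImpl.toBytesInDomain", "318", this);
            if (TraceComponent.isAnyTracingEnabled() && _tc.isEventEnabled()) {
                SibTr.event(_tc, "Unable to convert Messaging engine subject to LTPA token " + this._busName, e);
            }
        } catch (LoginException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.sib.security.impl.MessagingEngineIdentityImpl.toBytesInDomain", "300", this);
            if (TraceComponent.isAnyTracingEnabled() && _tc.isEventEnabled()) {
                SibTr.event(_tc, "Unable to create Messaging engine subject for bus " + this._busName, e2);
            }
        } catch (RemoteException e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.sib.security.impl.MessagingEngineIdentityImpl.toBytesInDomain", "327", this);
            if (TraceComponent.isAnyTracingEnabled() && _tc.isEventEnabled()) {
                SibTr.event(_tc, "Unable to convert Messaging engine subject to LTPA token " + this._busName, e3);
            }
        } catch (SIBSecurityException e4) {
            FFDCFilter.processException(e4, "com.ibm.ws.sib.security.impl.MessagingEngineIdentityImpl.toBytesInDomain", "309", this);
            if (TraceComponent.isAnyTracingEnabled() && _tc.isEventEnabled()) {
                SibTr.event(_tc, "Unable to convert Messaging engine subject to LTPA token " + this._busName, e4);
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "toBytesInDomain", bArr);
        }
        return bArr;
    }

    /**
     * Validates a peer-supplied opaque token and, if every check passes, returns the
     * messaging engine identity it describes. Intended to be called from within the bus
     * security domain (see {@link #fromBytes}); the decompiler reports that this method was
     * private in the original source.
     *
     * <p>An identity is returned only when all of the following hold:
     * <ol>
     *   <li>the opaque token contains a holder named {@code LtpaToken};</li>
     *   <li>that token validates and a login with it yields a {@link WSCredential};</li>
     *   <li>the credential's bus name equals {@code str};</li>
     *   <li>the user id rebuilt from the credential's cell, bus and engine names equals the
     *       user returned by LTPA validation;</li>
     *   <li>the credential's cell name equals the local cell name.</li>
     * </ol>
     * Any other outcome, including the caught security exceptions, returns {@code null} and
     * writes an authentication-failed audit record.
     *
     * @param bArr               opaque token bytes supplied by the peer (untrusted input)
     * @param str                name of the bus the peer is expected to belong to
     * @param connectionMetaData connection details used for the audit record
     * @return the validated identity, or {@code null} when validation fails
     */
    public static MessagingEngineIdentity fromBytesInDomain(byte[] bArr, String str, ConnectionMetaData connectionMetaData) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(_tc, "fromBytesInDomain", new Object[]{bArr, str});
        }
        MessagingEngineIdentityImpl identity = null;
        AuditMetaDataImpl auditMetaData = null;
        String tokenUser = null;
        try {
            WSOpaqueTokenHelper tokenHelper = WSOpaqueTokenHelper.getInstance();
            ArrayList<?> tokenHolders = tokenHelper.createTokenHolderListFromOpaqueToken(bArr);
            if (tokenHolders != null) {
                if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                    SibTr.debug(_tc, "Token list not null, size: " + tokenHolders.size());
                }
                // Select the holder by name. Remembering only a real match means a token list
                // without an LtpaToken entry is rejected here, instead of its last holder being
                // passed on as if it were the LTPA token.
                TokenHolder ltpaHolder = null;
                for (Object candidate : tokenHolders) {
                    TokenHolder holder = (TokenHolder) candidate;
                    if (holder != null && LTPA_TOKEN_HOLDER_NAME.equals(holder.getName())) {
                        ltpaHolder = holder;
                        break;
                    }
                }
                if (ltpaHolder != null) {
                    if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                        SibTr.debug(_tc, "LTPA token holder found");
                    }
                    byte[] ltpaBytes = ltpaHolder.getBytes();
                    tokenUser = WSSecurityPropagationHelper.validateLTPAToken(ltpaBytes);
                    auditMetaData = new AuditMetaDataImpl(connectionMetaData, str, null, tokenUser, tokenUser);
                    ContextManager contextManager = ContextManagerFactory.getInstance();
                    contextManager.put(tokenHelper.getOpaqueTokenLookup(), tokenHolders);
                    WSCredential credential = SubjectHelper.getWSCredentialFromSubject(contextManager.login(contextManager.getDefaultRealm(), ltpaBytes, LTPA_OID));
                    if (credential != null) {
                        if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                            SibTr.debug(_tc, "WSCredential from subject found");
                        }
                        String cellName = (String) credential.get(CELL_NAME);
                        String busName = (String) credential.get(BUS_NAME);
                        String engineName = (String) credential.get(ME_NAME);
                        SIBUuid8 engineUuid = new SIBUuid8((String) credential.get(ME_UUID));
                        String engineVersion = (String) credential.get(ME_VERSION);
                        String expectedUser = ((UserRegistry) SecurityObjectLocator.getSecurityConfig().getActiveUserRegistry().getUserRegistryImpl()).getRealm() + "/SIBServer:" + cellName + StringArrayWrapper.BUS_SEPARATOR + busName + StringArrayWrapper.BUS_SEPARATOR + engineName;
                        // Null-safe: a credential without a BUS_NAME attribute must take the
                        // audited failure path below, not escape as a NullPointerException.
                        if (busName != null && busName.equals(str)) {
                            if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                                SibTr.debug(_tc, "Credential bus name matches expected ME bus name");
                            }
                            // The attributes are trusted only if they reproduce the user id the
                            // LTPA validation returned and name the local cell.
                            if (expectedUser.equals(tokenUser) && cellName != null && cellName.equals(AdminServiceFactory.getAdminService().getCellName())) {
                                if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                                    SibTr.debug(_tc, "Token userId matches expected userId");
                                }
                                identity = new MessagingEngineIdentityImpl(busName, engineName, engineUuid, engineVersion);
                                AuditLogger.authenticationSucceeded(str, LoginType.INTRABUS, tokenUser, auditMetaData);
                            }
                        }
                    }
                }
            }
        } catch (RemoteException e) {
            FFDCFilter.processException(e, "com.ibm.ws.sib.security.impl.MessagingEngineIdentityImpl.fromBytesInDomain", "542");
            if (TraceComponent.isAnyTracingEnabled() && _tc.isEventEnabled()) {
                SibTr.event(_tc, "Unable to convert Messaging engine subject from LTPA token.", e);
            }
        } catch (CredentialExpiredException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.sib.security.impl.MessagingEngineIdentityImpl.fromBytesInDomain", "512");
            if (TraceComponent.isAnyTracingEnabled() && _tc.isEventEnabled()) {
                SibTr.event(_tc, "Unable to convert OAT to a MessagingEngineIdentity", e2);
            }
        } catch (WSLoginFailedException e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.sib.security.impl.MessagingEngineIdentityImpl.fromBytesInDomain", "503");
            if (TraceComponent.isAnyTracingEnabled() && _tc.isEventEnabled()) {
                SibTr.event(_tc, "Unable to convert OAT to a MessagingEngineIdentity", e3);
            }
        } catch (WSSecurityException e4) {
            FFDCFilter.processException(e4, "com.ibm.ws.sib.security.impl.MessagingEngineIdentityImpl.fromBytesInDomain", "494");
            if (TraceComponent.isAnyTracingEnabled() && _tc.isEventEnabled()) {
                SibTr.event(_tc, "Unable to convert OAT to a MessagingEngineIdentity", e4);
            }
        }
        if (identity == null) {
            // Fail closed: every path that did not build an identity is audited as a failure.
            if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                SibTr.debug(_tc, "Messaging engine identity is null, authentication will fail");
            }
            if (auditMetaData == null) {
                auditMetaData = new AuditMetaDataImpl(connectionMetaData, str, null, tokenUser, tokenUser);
            }
            AuditLogger.authenticationFailed(str, LoginType.INTRABUS, null, auditMetaData);
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(_tc, "fromBytesInDomain", identity);
        }
        return identity;
    }

    // Resolves the local cell name once at class load. Kept after the field declarations so
    // that _tc is already initialized when the trace calls run.
    static {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(_tc, "<clinit>");
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
            SibTr.debug(_tc, "Source Info: " + $sccsid);
        }
        _cellName = AdminServiceFactory.getAdminService().getCellName();
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(_tc, "<clinit>");
        }
    }
}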
