package com.ibm.ws.soa.sca.oasis.security;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ejs.ras.TraceNLS;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.WSSecurityHelper;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.annotation.AlreadyInstrumented;
import com.ibm.ws.ras.annotation.trivial;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.core.SecurityContext;
import com.ibm.wsspi.container.security.AccessManager;
import com.ibm.wsspi.container.security.AccessManagerFactory;
import javax.security.auth.Subject;
import org.apache.tuscany.sca.interfacedef.Operation;
import org.apache.tuscany.sca.runtime.RuntimeComponent;
import org.oasisopen.sca.ServiceRuntimeException;

/**
 * Holds the security state shared by the SCA (OASIS) security-policy interceptors and the
 * helpers that switch the caller/invocation {@link Subject} around a service invocation.
 *
 * <p>This listing is JADX decompiler output. The body of {@code inboundPreinvoke} was not
 * recovered, so the pre-invoke (authorization) path cannot be reviewed from this file; only
 * the constructor, the post-invoke restore and two private helpers are readable.
 *
 * <p>When the constructor finds security disabled, {@code contextManager} and
 * {@code accessManager} stay {@code null}. None of the readable methods checks
 * {@code securityEnabled} before dereferencing them.
 * NOTE(review): presumably callers only reach these methods when security is enabled; confirm
 * against the subclasses.
 */
@AlreadyInstrumented
/* loaded from: input_file:com/ibm/ws/soa/sca/oasis/security/SecurityPolicyBaseInterceptor.class */
public class SecurityPolicyBaseInterceptor {
    // Component and operation this interceptor was created for.
    protected RuntimeComponent component;
    protected Operation operation;
    // Only assigned when security is enabled (see constructor).
    protected String componentName;
    // Both stay null when security is disabled. They are protected and non-final, so a
    // subclass can replace them.
    protected ContextManager contextManager;
    protected AccessManager accessManager;
    // True only when the constructor found security enabled.
    protected boolean securityEnabled;
    static final long serialVersionUID = 4785726529498175958L;
    // Trace component used for the entry/exit trace calls in this class.
    private static final /* synthetic */ TraceComponent $$$dynamic$$$trace$$$component$$$ = Tr.register(SecurityPolicyBaseInterceptor.class, (String) null, (String) null);
    private static final String CLASSNAME = SecurityPolicyBaseInterceptor.class.getName();
    // Trace component registered under the "Security" group; used for the debug messages.
    private static TraceComponent tc = Tr.register(SecurityPolicyBaseInterceptor.class, "Security", "com.ibm.ejs.resources.security");

    /**
     * Records the component and operation and, when security is enabled, looks up the
     * context manager, the access manager and the component name.
     *
     * @param runtimeComponent component the interceptor belongs to
     * @param operation operation the interceptor is attached to
     */
    public SecurityPolicyBaseInterceptor(RuntimeComponent runtimeComponent, Operation operation) {
        if (entryTraceEnabled()) {
            Tr.entry($$$dynamic$$$trace$$$component$$$, "<init>", new Object[]{runtimeComponent, operation});
        }
        this.component = runtimeComponent;
        this.operation = operation;
        if (securityActive()) {
            this.securityEnabled = true;
            this.contextManager = ContextManagerFactory.getInstance();
            this.accessManager = AccessManagerFactory.getAccessManager();
            this.componentName = runtimeComponent.getName();
        }
        if (entryTraceEnabled()) {
            Tr.exit($$$dynamic$$$trace$$$component$$$, "<init>", this);
        }
    }

    /** Returns whether entry/exit tracing is currently enabled for this class. */
    private static boolean entryTraceEnabled() {
        if (!TraceComponent.isAnyTracingEnabled()) {
            return false;
        }
        return $$$dynamic$$$trace$$$component$$$ != null && $$$dynamic$$$trace$$$component$$$.isEntryEnabled();
    }

    /**
     * Returns whether security is enabled: the security context must report it enabled, and
     * either a multi-domain configuration is defined or server security is enabled. The
     * checks run in that order and stop at the first one that decides the result.
     */
    private static boolean securityActive() {
        if (!SecurityContext.isSecurityEnabled()) {
            return false;
        }
        if (SecurityObjectLocator.getSecurityConfigManager().isMultiDomainDefined()) {
            return true;
        }
        return WSSecurityHelper.isServerSecurityEnabled();
    }

    /**
     * Pre-invoke hook. The decompiler could not recover this method (741 bytecode
     * instructions skipped), so the stub below only throws. Whatever authorization and
     * subject handling the real method performs is not visible in this listing.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Removed duplicated region for block: B:91:0x02d8  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public com.ibm.ws.soa.sca.oasis.security.SCASecurityCookie inboundPreinvoke(java.lang.String r11, java.lang.String r12, com.ibm.ws.soa.sca.common.runtime.SCAAuthorizationPolicy r13) throws org.oasisopen.sca.ServiceRuntimeException {
        /*
            Method dump skipped, instructions count: 741
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.soa.sca.oasis.security.SecurityPolicyBaseInterceptor.inboundPreinvoke(java.lang.String, java.lang.String, com.ibm.ws.soa.sca.common.runtime.SCAAuthorizationPolicy):com.ibm.ws.soa.sca.oasis.security.SCASecurityCookie");
    }

    /**
     * Post-invoke hook: pops the application context if the cookie says one was pushed, then
     * puts the subjects saved in the cookie back on the context manager.
     *
     * <p>The restore runs after {@code popApplicationContext} and is not in a
     * {@code finally} block, so an exception from the pop would skip it.
     * NOTE(review): whether {@code popApplicationContext} can throw is not visible here; if
     * it can, the subjects set for the invocation would stay on the context manager.
     *
     * @param str name passed to {@code AccessManager.popApplicationContext}
     * @param sCASecurityCookie cookie holding the saved subjects and the pushed-resource
     *        flag; may be {@code null}, in which case nothing is popped or restored
     * @throws ServiceRuntimeException if the context manager rejects a subject
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void inboundPostinvoke(String str, SCASecurityCookie sCASecurityCookie) throws ServiceRuntimeException {
        if (entryTraceEnabled()) {
            Tr.entry($$$dynamic$$$trace$$$component$$$, "inboundPostinvoke", new Object[]{str, sCASecurityCookie});
        }
        final boolean haveCookie = sCASecurityCookie != null;
        final Subject receivedSubject = haveCookie ? sCASecurityCookie.getReceivedSubject() : null;
        final Subject invokedSubject = haveCookie ? sCASecurityCookie.getInvokedSubject() : null;
        final boolean pushedResource = haveCookie && sCASecurityCookie.getPushedResource();

        if (pushedResource) {
            this.accessManager.popApplicationContext(str);
        }
        // Restore only when the cookie carries both subjects; a cookie holding just one of
        // them leaves the context manager untouched.
        if (receivedSubject != null && invokedSubject != null) {
            restoreSubjects(receivedSubject, invokedSubject);
        }
        if (entryTraceEnabled()) {
            Tr.exit($$$dynamic$$$trace$$$component$$$, "inboundPostinvoke");
        }
    }

    /**
     * Puts the saved subjects back on the context manager. The caller subject is written only
     * if the context manager currently has a non-null caller subject; the invocation subject
     * is always written.
     *
     * @throws ServiceRuntimeException wrapping the {@code WSSecurityException}, after it has
     *         been reported to FFDC
     */
    private void restoreSubjects(Subject receivedSubject, Subject invokedSubject) {
        try {
            if (this.contextManager.getCallerSubject() != null) {
                this.contextManager.setCallerSubject(receivedSubject);
            }
            this.contextManager.setInvocationSubject(invokedSubject);
        } catch (WSSecurityException e) {
            // The FFDC source id says "postInvokeCommon", not this method's name; it is
            // emitted at runtime, so it is kept as is.
            FFDCFilter.processException(e, CLASSNAME + ".postInvokeCommon", "231", this);
            throw new ServiceRuntimeException(e.getMessage(), e);
        }
    }

    /**
     * When both subjects are {@code null}, creates an unauthenticated subject, makes it the
     * invocation subject and returns it. Otherwise returns {@code subject} unchanged, which
     * is {@code null} when only {@code subject2} is set.
     *
     * @param subject presumably the invoked subject (going by the debug message order) -
     *        TODO confirm against inboundPreinvoke
     * @param subject2 presumably the received subject - TODO confirm
     * @return {@code subject}, or the new unauthenticated subject
     * @throws ServiceRuntimeException if the unauthenticated subject cannot be created or set
     */
    @trivial
    private Subject setUnauthenticatedSubjectIfNeeded(Subject subject, Subject subject2) {
        if (subject != null || subject2 != null) {
            return subject;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Invoked and received Subject are null, setting it anonymous/unauthenticated.");
        }
        try {
            final Subject unauthenticated = SubjectHelper.createUnauthenticatedSubject();
            this.contextManager.setInvocationSubject(unauthenticated);
            return unauthenticated;
        } catch (WSSecurityException e) {
            FFDCFilter.processException(e, CLASSNAME + ".setUnauthenticatedSubjectIfNeeded", "249", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "contextManager.setInvocationSubject() threw exception when setting invocation subject to unauthenticated. " + e);
            }
            throw new ServiceRuntimeException("Error setting invocation subject to unauthenticated", e);
        }
    }

    /**
     * Sets the invocation subject and then the caller subject on the context manager.
     *
     * <p>The two failure paths differ. A rejected invocation subject is reported with the
     * generic "security.invalid.creds" message and no cause attached, so the detail is only
     * in the FFDC record. A rejected caller subject is rethrown with the original message and
     * cause. In that second case the invocation subject has already been set and is not
     * undone here.
     * NOTE(review): whether the caller cleans up after a failure is not visible, because
     * inboundPreinvoke was not decompiled.
     *
     * @param subject subject to install as the caller subject
     * @param subject2 subject to install as the invocation subject
     * @throws ServiceRuntimeException if either subject is rejected
     */
    @trivial
    private void setSubjects(Subject subject, Subject subject2) {
        try {
            this.contextManager.setInvocationSubject(subject2);
        } catch (WSSecurityException invocationFailure) {
            FFDCFilter.processException(invocationFailure, CLASSNAME + ".setSubjects", "265", this);
            throw new ServiceRuntimeException(TraceNLS.getFormattedMessage("com.ibm.ejs.resources.security", "security.invalid.creds", (Object[]) null, "Invalid credentials"));
        }
        try {
            this.contextManager.setCallerSubject(subject);
        } catch (WSSecurityException callerFailure) {
            FFDCFilter.processException(callerFailure, CLASSNAME + ".setSubjects", "274", this);
            throw new ServiceRuntimeException(callerFailure.getMessage(), callerFailure);
        }
    }

    // Emits the class-initialisation exit trace once the static fields above are set.
    static {
        if (entryTraceEnabled()) {
            Tr.exit($$$dynamic$$$trace$$$component$$$, "<clinit>");
        }
    }
}
