package com.ibm.ws.soa.sca.security;

import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.ContextManagerImpl;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.auth.j2c.WSDefaultPrincipalMapping;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.cred.AuthDataCredential;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.security.util.Base64Coder;
import com.ibm.ws.security.util.StringUtil;
import com.ibm.ws.soa.sca.qos.util.SCAQoSConstants;
import com.ibm.ws.soa.sca.qos.util.logger.SCAQoSLogger;
import com.ibm.wsspi.security.token.SingleSignonToken;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.ListIterator;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.servlet.http.Cookie;
import org.apache.commons.httpclient.HttpMethodBase;
import org.apache.tuscany.sca.assembly.Binding;
import org.apache.tuscany.sca.assembly.OptimizableBinding;
import org.apache.tuscany.sca.binding.atom.AtomBinding;
import org.apache.tuscany.sca.binding.http.HTTPBinding;
import org.apache.tuscany.sca.policy.Intent;
import org.apache.tuscany.sca.policy.IntentAttachPoint;

/* loaded from: input_file:com/ibm/ws/soa/sca/security/HTTPSecurityHelper.class */
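/**
 * Static helpers for SCA HTTP security: resolving a JAAS authentication alias to its
 * user name and password, checking whether a target binding requires a transport-level
 * confidentiality/integrity intent, and copying the caller's single sign-on tokens onto
 * an outbound HTTP request as cookies.
 *
 * <p>Everything this class returns or emits is credential material (a clear-text
 * password, or Base64-encoded SSO tokens). Callers should keep these values out of
 * logs and traces.
 */
public class HTTPSecurityHelper {
    private static SecurityConfig security = SecurityObjectLocator.getSecurityConfig();
    private static final String className = "com.ibm.ws.soa.sca.security.HTTPSecurityHelper";
    private static final Logger logger = SCAQoSLogger.getLogger(className);

    /**
     * Looks up the credentials stored under a JAAS authentication alias.
     *
     * @param str the alias name to resolve
     * @return a table with exactly two entries, {@code "username"} and {@code "password"};
     *         the password is returned in clear text and must not be logged
     * @throws Exception if the alias yields no credential, or a credential with a missing
     *         user name or password; also whatever the underlying lookup throws
     */
    public static Hashtable resolveAlias(String str) throws Exception {
        AuthDataCredential authData = WSDefaultPrincipalMapping.getAuthData(str);
        // Treat a missing credential like a missing user name/password so the caller gets
        // the "alias not found" error instead of a bare NullPointerException.
        // NOTE(review): whether getAuthData can return null is not visible here - confirm.
        String userName = authData == null ? null : authData.getUserName();
        String password = authData == null ? null : authData.getPassword();
        if (userName == null || password == null) {
            if (logger.isLoggable(Level.SEVERE)) {
                // Only the alias name is logged, never the credential values.
                logger.logp(Level.SEVERE, "", "", "CWSQS0103", new Object[]{str});
            }
            throw new Exception("The specified JAAS Alias " + str + " was not found. ");
        }
        Hashtable credentials = new Hashtable();
        credentials.put("username", userName);
        credentials.put("password", password);
        return credentials;
    }

    /**
     * Reports whether the target service declares a transport-security intent while
     * server security is enabled.
     *
     * <p>The first Atom or HTTP binding of the target component service is inspected for
     * the confidentiality-transport or integrity-transport intent. This is a check of the
     * declared policy only; the method does not look at the URL scheme or at the
     * connection that will actually be used.
     *
     * @param optimizableBinding the reference-side binding whose target service is examined
     * @return {@code true} only if server security is enabled and one of the two transport
     *         intents is required by that binding; {@code false} otherwise, including when
     *         the target has no Atom or HTTP binding
     * @throws Exception declared by the signature; a {@code NullPointerException} results
     *         if the binding has no target component service
     */
    public static boolean isTransportSecure(OptimizableBinding optimizableBinding) throws Exception {
        boolean serverSecurityEnabled = new ContextManagerImpl().isServerSecurityEnabled();

        Binding httpOrAtomBinding = null;
        for (Binding candidate : optimizableBinding.getTargetComponentService().getBindings()) {
            if ((candidate instanceof AtomBinding) || (candidate instanceof HTTPBinding)) {
                httpOrAtomBinding = candidate;
                break;
            }
        }

        boolean transportIntentRequired = false;
        if (httpOrAtomBinding != null) {
            for (Intent intent : ((IntentAttachPoint) httpOrAtomBinding).getRequiredIntents()) {
                if (intent.getName().equals(SCAQoSConstants.CONFIDENTIALITY_TRANSPORT_INTENT)
                        || intent.getName().equals(SCAQoSConstants.INTEGRITY_TRANSPORT_INTENT)) {
                    transportIntentRequired = true;
                    break;
                }
            }
        }
        return serverSecurityEnabled && transportIntentRequired;
    }

    /**
     * Adds the caller's single sign-on tokens to an outbound request as a {@code Cookie}
     * header. Does nothing when there is no caller subject or no token to send.
     *
     * <p>All cookies are written into one header value. The previous implementation called
     * {@code setRequestHeader} once per cookie, which replaces the header each time, so
     * with more than one token only the last one was actually sent.
     *
     * <p>This method does not check the transport. The cookie value is what authenticates
     * the caller to the target, so it should only be attached to requests that travel over
     * a protected channel.
     * NOTE(review): presumably callers gate this on {@link #isTransportSecure} - confirm.
     *
     * @param httpMethodBase the outbound request to decorate
     * @throws Exception declared by the signature
     */
    public static void addCookieToRequestHeader(HttpMethodBase httpMethodBase) throws Exception {
        Subject callerSubject = WSSubject.getCallerSubject();
        if (callerSubject == null) {
            return;
        }
        ArrayList cookies = createCookies(callerSubject);
        if (cookies == null) {
            return;
        }

        StringBuilder headerValue = new StringBuilder();
        for (Iterator it = cookies.iterator(); it.hasNext();) {
            Cookie cookie = (Cookie) it.next();
            if (cookie == null) {
                continue;
            }
            if (headerValue.length() > 0) {
                headerValue.append("; ");
            }
            headerValue.append(cookie.getName());
            headerValue.append("=");
            headerValue.append(cookie.getValue());
            headerValue.append("; ");
            // NOTE(review): path, domain, secure and HttpOnly are Set-Cookie (response)
            // attributes and carry no meaning in a request Cookie header; a receiver will
            // read them as extra cookie pairs. They are kept so that the single-cookie
            // case stays byte-identical on the wire.
            String path = cookie.getPath();
            if (path == null || path.length() <= 0) {
                headerValue.append("path=/");
            } else {
                headerValue.append("path=");
                headerValue.append(path);
            }
            String domain = cookie.getDomain();
            if (domain != null && domain.length() > 0) {
                headerValue.append("; domain=");
                headerValue.append(domain);
            }
            if (cookie.getSecure()) {
                headerValue.append("; secure");
            }
            headerValue.append("; HttpOnly");
        }

        // Leave the request untouched when there was nothing to send.
        if (headerValue.length() > 0) {
            httpMethodBase.setRequestHeader("Cookie", headerValue.toString());
        }
    }

    /**
     * Builds the list of SSO cookies for a subject.
     *
     * <p>Each {@link SingleSignonToken} on the subject becomes a cookie named after the
     * token name followed by its version number. A cookie named {@code LtpaToken}, built
     * from the credential token of the subject's {@link WSCredential}, is added as well
     * when the {@code com.ibm.ws.security.ssoInteropModeEnabled} property is true or when
     * the subject carried no SSO token at all.
     *
     * @param subject the authenticated subject to read tokens from
     * @return the cookies to send; possibly empty, never {@code null}
     */
    private static ArrayList createCookies(Subject subject) {
        ArrayList cookies = new ArrayList();
        WSCredential credential = SubjectHelper.getWSCredentialFromSubject(subject);
        Iterator ssoTokens = getSingleSignonTokensFromSubject(subject);
        if (ssoTokens != null) {
            while (ssoTokens.hasNext()) {
                SingleSignonToken token = (SingleSignonToken) ssoTokens.next();
                if (token == null) {
                    continue;
                }
                byte[] tokenBytes = token.getBytes();
                String name = token.getName();
                if (name == null) {
                    // A token without a name cannot be turned into a cookie; skip it
                    // rather than fail the whole request with a NullPointerException.
                    continue;
                }
                addCookieToList(name + token.getVersion(), tokenBytes, cookies, false);
            }
        }
        if (security.getPropertyBool("com.ibm.ws.security.ssoInteropModeEnabled") || cookies.size() == 0) {
            if (credential != null) {
                byte[] credentialToken = null;
                try {
                    credentialToken = credential.getCredentialToken();
                } catch (Exception e) {
                    // Best effort: record the failure and carry on without this cookie.
                    FFDCFilter.processException(e, "com.ibm.ws.soa.sca.security.HTTPSecurityHelpercreateCookies", "256");
                }
                // A null token is ignored by addCookieToList.
                addCookieToList("LtpaToken", credentialToken, cookies, false);
            }
        }
        return cookies;
    }

    /**
     * Collects every {@link SingleSignonToken} held by a subject, from both its private
     * and its public credentials.
     *
     * @param subject the subject to inspect; may be {@code null}
     * @return an iterator over the distinct tokens found, or {@code null} if the subject
     *         is {@code null} or reading its credentials failed
     */
    private static Iterator getSingleSignonTokensFromSubject(final Subject subject) {
        if (subject == null) {
            return null;
        }
        try {
            HashSet tokens = new HashSet();
            // Private credentials are read inside a privileged block so the permission
            // check is made against this class rather than the whole call stack.
            Set privateTokens = (Set) AccessController.doPrivileged(new PrivilegedAction() {
                @Override
                public Object run() {
                    return subject.getPrivateCredentials(SingleSignonToken.class);
                }
            });
            if (privateTokens != null && privateTokens.size() > 0) {
                tokens.addAll(privateTokens);
            }
            Set publicTokens = subject.getPublicCredentials(SingleSignonToken.class);
            if (publicTokens != null && publicTokens.size() > 0) {
                tokens.addAll(publicTokens);
            }
            return tokens.iterator();
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.soa.sca.security.HTTPSecurityHelpergetSingleSignonTokensFromSubject", "304");
            return null;
        }
    }

    /**
     * Appends one cookie to the list.
     *
     * @param str the cookie name
     * @param bArr the raw token bytes; converted to a string and Base64-encoded to form the
     *        cookie value. Ignored when {@code z} is true
     * @param arrayList the list to append to
     * @param z when true, an empty-valued cookie with max-age 0 is added instead (the form
     *        used to expire a cookie); when false and {@code bArr} is null, nothing is added
     */
    private static void addCookieToList(String str, byte[] bArr, ArrayList arrayList, boolean z) {
        if (bArr == null && !z) {
            return;
        }
        Cookie cookie = new Cookie(str, z ? "" : Base64Coder.base64Encode(StringUtil.toString(bArr)));
        if (z) {
            cookie.setMaxAge(0);
        }
        arrayList.add(cookie);
    }
}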
