package com.ibm.ws.security.zOS.threadid;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.csi.EJBComponentMetaData;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.security.auth.PlatformCredential;
import com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.zOS.NativeConfiguration;
import com.ibm.ws.security.zOS.PlatformCredentialManager;
import com.ibm.ws.security.zOS.SAFServiceResult;
import com.ibm.ws.threadContext.ComponentMetaDataAccessorImpl;
import com.ibm.ws.util.WSThreadLocal;
import com.ibm.ws.webcontainer.metadata.WebComponentMetaData;
import com.ibm.wsspi.security.auth.callback.Constants;
import java.util.Iterator;
import javax.security.auth.Subject;

/* loaded from: input_file:com/ibm/ws/security/zOS/threadid/ThreadIdentityManager.class */
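/**
 * Tracks the {@link PlatformCredential} currently associated with each thread and pushes
 * identity changes to the native layer through {@link #ntv_setThreadSecurityEnvironment}.
 *
 * <p>The per-thread cache ({@code _threadIdentity}) starts out as the server credential. The
 * set/restore method pairs hand the previously cached credential back to the caller as an opaque
 * token so that it can be reinstated afterwards.
 *
 * <p>NOTE(review): several methods pass {@link Subject} and credential objects to trace. Whether
 * their {@code toString()} output is safe to write to trace logs cannot be determined from this
 * file; confirm before enabling entry/debug trace on production systems.
 */
public final class ThreadIdentityManager implements WSLoginLocalOSExtension {
    private static final TraceComponent tc = Tr.register(ThreadIdentityManager.class, "Security", AdminConstants.MSG_BUNDLE_NAME);

    /** Credential this class believes is active on the current thread; seeded with the server credential. */
    private static final ThreadLocal _threadIdentity = new WSThreadLocal() {
        @Override // java.lang.ThreadLocal
        protected Object initialValue() {
            if (ThreadIdentityManager.tc.isEntryEnabled()) {
                Tr.entry(ThreadIdentityManager.tc, "_threadIdentity.initialValue");
            }
            PlatformCredential serverCredential = PlatformCredentialManager.instance().createServerCredential();
            if (ThreadIdentityManager.tc.isEntryEnabled()) {
                Tr.exit(ThreadIdentityManager.tc, "_threadIdentity.initialValue", serverCredential);
            }
            return serverCredential;
        }

        @Override
        public String toString() {
            // The cached value is explicitly set to null on one native return code (see
            // setThreadSecurityEnvironment), so it must be rendered null-safely.
            return String.valueOf(get());
        }
    };

    /** Per-thread "application sync to thread" flag; defaults to {@code false}. */
    private static final ThreadLocal _appSyncData = new WSThreadLocal() {
        @Override // java.lang.ThreadLocal
        protected Object initialValue() {
            return Boolean.FALSE;
        }
    };

    private static ThreadIdentityManager _instance;
    // Looked up lazily and without synchronization; concurrent first calls may each perform the lookup.
    private ComponentMetaDataAccessorImpl _cmda = null;
    private PlatformCredentialManager _platformCredManager;

    /**
     * Returns the process-wide instance, creating it on first use.
     *
     * <p>Synchronized so that concurrent first callers cannot each construct an instance.
     *
     * @return the shared {@code ThreadIdentityManager}
     */
    public static synchronized ThreadIdentityManager getThreadIdentityManager() {
        if (_instance == null) {
            _instance = new ThreadIdentityManager();
        }
        return _instance;
    }

    private ThreadIdentityManager() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>");
        }
        this._platformCredManager = PlatformCredentialManager.instance();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "<init>", this);
        }
    }

    /**
     * @return the connection-management thread-identity setting read from {@link NativeConfiguration}
     */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public boolean isSyncToThreadEnabled() {
        return NativeConfiguration.getConfig().isConnectionManagementThreadIdentityEnabled();
    }

    /**
     * @return the application sync-to-thread setting read from {@link NativeConfiguration}
     */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public boolean isApplicationSyncToOSThreadEnabled() {
        return NativeConfiguration.getConfig().isApplicationSyncToThreadEnabled();
    }

    /**
     * @return the application-sync flag stored for the current thread ({@code false} until set)
     */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public boolean isThreadLocalApplicationSyncEnabled() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isThreadLocalApplicationSyncEnabled");
        }
        Boolean enabled = (Boolean) _appSyncData.get();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isThreadLocalApplicationSyncEnabled", enabled);
        }
        return enabled.booleanValue();
    }

    /**
     * Stores the application-sync flag for the current thread.
     *
     * @param z the new flag value
     */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public void setThreadLocalApplicationSyncEnabled(boolean z) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setThreadLocalApplicationSyncEnabled", Boolean.valueOf(z));
        }
        _appSyncData.set(Boolean.valueOf(z));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setThreadLocalApplicationSyncEnabled");
        }
    }

    /**
     * Returns the J2C subject for the current invocation, falling back to the server subject when
     * no invocation (or caller) subject is available.
     *
     * <p>If the server subject lookup also fails, the failure is only traced at debug level and
     * the J2C subject of a freshly created server credential is returned instead.
     *
     * @return the J2C subject derived from the resolved credential
     */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public Subject getLocalOSInvocationSubject() throws IllegalStateException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getLocalOSInvocationSubject");
        }
        Subject source = getInvocationSubject();
        if (source == null) {
            try {
                source = ContextManagerFactory.getInstance().getServerSubject();
            } catch (WSSecurityException e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Unable to get server subject", e);
                }
            }
        }
        Subject j2cSubject = extractJ2CSubject(source);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getLocalOSInvocationSubject", j2cSubject);
        }
        return j2cSubject;
    }

    /**
     * Returns the J2C subject of the invocation subject when connection-management sync is
     * enabled, otherwise that of the server subject.
     *
     * @return the J2C subject, or {@code null} when the lookup threw (the exception is only
     *         traced at debug level)
     */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public Subject getLocalOSOwnSubject() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getLocalOSOwnSubject");
        }
        Subject result = null;
        ContextManager contextManager = ContextManagerFactory.getInstance();
        if (isSyncToThreadEnabled()) {
            try {
                result = extractJ2CSubject(contextManager.getInvocationSubject());
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "getLocalOSOwnSubject", e);
                }
            }
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Connection management sync to thread is disabled, just getting the server subject.");
            }
            try {
                result = extractJ2CSubject(contextManager.getServerSubject());
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "getLocalOSOwnSubject", e);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getLocalOSOwnSubject", result);
        }
        return result;
    }

    /**
     * @return the J2C subject derived from the server subject, or {@code null} when the lookup
     *         threw (the exception is only traced at debug level)
     */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public Subject getLocalOSServerSubject() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getLocalOSServerSubject");
        }
        Subject result = null;
        try {
            result = extractJ2CSubject(ContextManagerFactory.getInstance().getServerSubject());
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getLocalOSServerSubject", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getLocalOSServerSubject", result);
        }
        return result;
    }

    /**
     * @return the platform-credential subject derived from the server subject, or {@code null}
     *         when the lookup threw (the exception is only traced at debug level)
     */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public Subject getLocalOSPlatformCredSubject() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getLocalOSPlatformCredSubject");
        }
        Subject result = null;
        try {
            result = extractPlatformCredSubject(ContextManagerFactory.getInstance().getServerSubject());
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getLocalOSPlatformCredSubject", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getLocalOSPlatformCredSubject", result);
        }
        return result;
    }

    /**
     * Picks the credential used by the two extract methods: a server credential when there is no
     * subject, otherwise the subject's platform credential (default credential as a last resort).
     */
    private PlatformCredential resolveCredential(Subject subject) {
        if (subject == null) {
            return this._platformCredManager.createServerCredential();
        }
        PlatformCredential credential = getPlatformCredentialFromSubject(subject);
        if (credential == null) {
            credential = this._platformCredManager.createDefaultCredential();
        }
        return credential;
    }

    /**
     * Resolves the credential for {@code subject} and returns its J2C subject.
     *
     * @param subject the source subject; {@code null} selects the server credential
     */
    private Subject extractJ2CSubject(Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "extractJ2CSubject", subject);
        }
        Subject j2cSubject = resolveCredential(subject).getJ2CSubject();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "extractJ2CSubject", j2cSubject);
        }
        return j2cSubject;
    }

    /**
     * Resolves the credential for {@code subject} and returns its platform-credential subject.
     *
     * @param subject the source subject; {@code null} selects the server credential
     */
    private Subject extractPlatformCredSubject(Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "extractPlatformCredSubject", subject);
        }
        Subject platformCredSubject = resolveCredential(subject).getPlatformCredSubject();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "extractPlatformCredSubject", platformCredSubject);
        }
        return platformCredSubject;
    }

    /**
     * Switches the thread to the identity carried by {@code subject} when either sync setting is
     * enabled.
     *
     * @param subject the subject whose platform credential should become the thread identity;
     *        {@code null} selects the server credential
     * @return the previously cached credential, to be handed to {@link #restoreLocalOSThreadID(Object)}
     */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public Object setLocalOSThreadID(Subject subject) throws IllegalStateException {
        return setLocalOSThreadID(subject, isSyncToThreadEnabled() || isApplicationSyncToOSThreadEnabled());
    }

    /**
     * Same as {@link #setLocalOSThreadID(Subject)} but gated only on the application sync setting.
     *
     * @param subject the subject whose platform credential should become the thread identity
     * @return the previously cached credential, to be handed to {@link #restoreAppLocalOSThreadID(Object)}
     */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public Object setAppLocalOSThreadID(Subject subject) throws IllegalStateException {
        return setLocalOSThreadID(subject, isApplicationSyncToOSThreadEnabled());
    }

    /**
     * Reinstates the credential returned by an earlier {@link #setLocalOSThreadID(Subject)} call
     * when either sync setting is enabled.
     *
     * @param obj the token returned by the matching set call; it is cast to
     *        {@link PlatformCredential}, and {@code null} selects the server credential
     */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public void restoreLocalOSThreadID(Object obj) throws IllegalStateException {
        restoreLocalOSThreadID(obj, isSyncToThreadEnabled() || isApplicationSyncToOSThreadEnabled());
    }

    /**
     * Same as {@link #restoreLocalOSThreadID(Object)} but gated only on the application sync setting.
     *
     * @param obj the token returned by the matching set call
     */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public void restoreAppLocalOSThreadID(Object obj) throws IllegalStateException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "restoreAppLocalOSThreadID", obj);
        }
        restoreLocalOSThreadID(obj, isApplicationSyncToOSThreadEnabled());
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "restoreAppLocalOSThreadID");
        }
    }

    /**
     * Captures the currently cached credential and, when {@code syncEnabled}, switches the thread
     * to the credential found on {@code subject}.
     *
     * <p>NOTE(review): the success flag returned by {@link #setThreadSecurityEnvironment} is
     * discarded, so callers cannot tell that an identity switch failed and the thread then keeps
     * whatever identity it had before. Confirm whether callers should be told (the public
     * methods already declare {@code IllegalStateException}).
     */
    private Object setLocalOSThreadID(Subject subject, boolean syncEnabled) {
        PlatformCredential previous = (PlatformCredential) _threadIdentity.get();
        if (syncEnabled) {
            PlatformCredential requested = (subject != null) ? getPlatformCredentialFromSubject(subject) : null;
            setThreadSecurityEnvironment(requested);
        }
        return previous;
    }

    /**
     * Reinstates {@code token} as the thread identity when {@code syncEnabled}.
     *
     * <p>NOTE(review): as in the set path, a failed restore is not reported to the caller.
     */
    private void restoreLocalOSThreadID(Object token, boolean syncEnabled) {
        if (syncEnabled) {
            setThreadSecurityEnvironment((PlatformCredential) token);
        }
    }

    /**
     * Makes {@code requested} the thread identity, calling the native layer only when it differs
     * from the cached credential.
     *
     * @param requested the credential to activate; {@code null} selects the server credential
     * @return {@code true} when the native return code was 0 or no native call was needed
     */
    private boolean setThreadSecurityEnvironment(PlatformCredential requested) {
        PlatformCredential current = (PlatformCredential) _threadIdentity.get();
        if (requested == null) {
            requested = this._platformCredManager.createServerCredential();
        }

        final int rc;
        // The cache can hold null after an earlier call returned code 44 (see below). Treat that
        // as "identity unknown" and always re-sync, instead of failing with a
        // NullPointerException on every later switch for this thread.
        if (current != null && current.equals(requested)) {
            rc = 0;
        } else if (requested.getCredentialType() == PlatformCredential.SERVER) {
            // The server identity is requested from the native layer by passing null.
            rc = ntv_setThreadSecurityEnvironment(null);
        } else {
            rc = ntv_setThreadSecurityEnvironment(requested);
        }

        boolean succeeded = rc == 0;
        if (succeeded) {
            _threadIdentity.set(requested);
        } else if (rc == 44) {
            // NOTE(review): return code 44 clears the cached identity without logging an error;
            // its meaning is defined by the native code and is not visible here. Confirm.
            _threadIdentity.set(null);
        } else {
            Tr.error(tc, "security.zos.saf.threadid.sync.error", new Object[]{requested.getUserId(), SAFServiceResult.getSafServiceResult()});
        }
        return succeeded;
    }

    /**
     * Finds the platform credential for {@code subject}: first among its private credentials,
     * then inside its first public {@link WSCredential}, and finally the default credential from
     * the credential manager.
     *
     * <p>NOTE(review): a subject without any platform credential is therefore mapped to the
     * default credential rather than rejected; confirm that this is the identity intended for
     * such subjects.
     *
     * @param subject the subject to inspect; must not be {@code null}
     */
    private PlatformCredential getPlatformCredentialFromSubject(Subject subject) {
        PlatformCredential credential = null;
        Iterator<PlatformCredential> privateCreds = subject.getPrivateCredentials(PlatformCredential.class).iterator();
        if (privateCreds.hasNext()) {
            credential = privateCreds.next();
        }
        if (credential == null) {
            WSCredential wsCredential = null;
            Iterator<WSCredential> publicCreds = subject.getPublicCredentials(WSCredential.class).iterator();
            if (publicCreds.hasNext()) {
                wsCredential = publicCreds.next();
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, Constants.WSCREDENTIAL_KEY, wsCredential);
            }
            if (wsCredential != null) {
                try {
                    credential = (PlatformCredential) wsCredential.get(CommonConstants.PLATFORM_CREDENTIAL);
                } catch (Exception e) {
                    // Best effort: a failed lookup falls through to the default credential below.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Unexpected exception acquiring platform cred", e);
                    }
                }
            }
        }
        if (credential == null) {
            credential = this._platformCredManager.createDefaultCredential();
        }
        return credential;
    }

    /**
     * Returns the invocation subject (or, failing that, the caller subject) when application
     * security is enabled.
     *
     * @return the subject, or {@code null} when application security is disabled, no subject is
     *         set, or the lookup threw (traced at event level)
     */
    private Subject getInvocationSubject() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getInvocationSubject");
        }
        Subject result = null;
        try {
            if (SecurityObjectLocator.getSecurityConfig().getBoolean(SecurityConfig.APP_SECURITY_ENABLED)) {
                ContextManager contextManager = ContextManagerFactory.getInstance();
                result = contextManager.getInvocationSubject();
                if (result == null) {
                    result = contextManager.getCallerSubject();
                }
            }
        } catch (WSSecurityException e) {
            if (tc.isEventEnabled()) {
                Tr.event(tc, "Exception acquring invocation subject", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getInvocationSubject", result);
        }
        return result;
    }

    /**
     * Reads the sync-to-thread flag of the component currently on the thread. The component is
     * only consulted when the server-wide application sync setting is enabled.
     *
     * @return the component's flag, or {@code false} when the setting is off, no component
     *         metadata is available, or the metadata is of an unrecognised type
     */
    @Override // com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension
    public boolean getAppSyncEnabledFromComponentMetaData() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAppSyncEnabledFromComponentMetaData");
        }
        boolean enabled = false;
        if (isApplicationSyncToOSThreadEnabled()) {
            // Held as Object because the value is dispatched on its runtime type below.
            Object componentMetaData = getMetaDataAccessor().getComponentMetaData();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "current meta data", componentMetaData);
            }
            if (componentMetaData != null) {
                if (componentMetaData instanceof EJBComponentMetaData) {
                    enabled = ((EJBComponentMetaData) componentMetaData).isApplicationSyncToOSThreadEnabled();
                } else if (componentMetaData instanceof WebComponentMetaData) {
                    enabled = ((WebComponentMetaData) componentMetaData).getModuleMetaData().getWebAppConfig().isSyncToThreadEnabled();
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Unknown component metadata", componentMetaData);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAppSyncEnabledFromComponentMetaData", Boolean.valueOf(enabled));
        }
        return enabled;
    }

    /** Returns the component metadata accessor, looking it up on first use. */
    private ComponentMetaDataAccessorImpl getMetaDataAccessor() {
        if (this._cmda == null) {
            this._cmda = ComponentMetaDataAccessorImpl.getComponentMetaDataAccessor();
        }
        return this._cmda;
    }

    @Override
    public String toString() {
        return super.toString() + ";_syncEnabled=" + isSyncToThreadEnabled() + ",_appSyncEnabled=" + isApplicationSyncToOSThreadEnabled() + ",_threadIdentity=" + _threadIdentity;
    }

    /**
     * Native entry point that applies a credential to the current thread.
     *
     * @param platformCredential the credential to apply; this class passes {@code null} for the
     *        server credential
     * @return 0 on success; any other value is treated as a failure by the caller
     */
    private static native int ntv_setThreadSecurityEnvironment(PlatformCredential platformCredential);
}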
