package com.ibm.ws.security.token;

import com.ibm.CSIv2Security.LTPAMechOID;
import com.ibm.ISecurityL13SupportImpl.SecurityMessages;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.AdminContext;
import com.ibm.websphere.security.WebSphereRuntimePermission;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.auth.kerberos.Krb5WSCredentialUtils;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.config.SecurityConfigManager;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.ltpa.LTPAServerObject;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.security.util.StringUtil;
import com.ibm.wsspi.security.ltpa.Token;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import com.ibm.wsspi.security.token.AuthenticationToken;
import com.ibm.wsspi.wssecurity.platform.token.KRBAuthnToken;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Date;
import java.util.Enumeration;
import java.util.Hashtable;
import javax.security.auth.Subject;
import org.ietf.jgss.GSSCredential;
import org.omg.CSI.KRB5MechOID;

/* loaded from: input_file:com/ibm/ws/security/token/AuthenticationTokenImpl.class */
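/**
 * Authentication token that wraps either an LTPA {@link Token} or Kerberos
 * credential material ({@link KRBAuthnToken} / {@link GSSCredential}).
 *
 * <p>The mechanism is selected by the token name (an OID string) supplied to
 * {@code initializeToken}: {@link LTPAMechOID#value} delegates attribute,
 * expiration and byte handling to {@link AbstractTokenImpl}; {@link KRB5MechOID#value}
 * uses the Kerberos fields and the local {@code kerberosData} table. Any other
 * name makes the accessors return "empty" answers ({@code false}, {@code null},
 * {@code -1}, zero-length bytes).
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>Permission checks ({@code mapCredential}, {@code updateToken}) only run
 *       when a {@link SecurityManager} is installed.</li>
 *   <li>{@link #isValid()} reports {@code true} for a Kerberos-named token that
 *       holds neither a {@code GSSCredential} nor a {@code KRBAuthnToken}; see the
 *       note on that method.</li>
 *   <li>Token bytes are never written to trace by this class; only their length is.</li>
 * </ul>
 *
 * <p>Instances are not synchronized. NOTE(review): thread-safety expectations are
 * not visible in this file; confirm against callers.
 */
public class AuthenticationTokenImpl extends AbstractTokenImpl implements AuthenticationToken {
    private String tokenName;
    private boolean forwardable;
    private static final WebSphereRuntimePermission UPDATE_TOKEN = new WebSphereRuntimePermission("updateToken");
    private static final WebSphereRuntimePermission MAP_CREDENTIAL = new WebSphereRuntimePermission("mapCredential");
    private static final TraceComponent tc = Tr.register(AuthenticationTokenImpl.class, (String) null, AdminConstants.MSG_BUNDLE_NAME);
    // Lazily read from security configuration by the first constructor call.
    // Unsynchronized: concurrent first constructions may each read the property.
    private static String factoryClass = null;
    private Token token = null;
    private LTPAServerObject _ltpaServer = null;
    private SecurityConfigManager _scm = null;
    private byte[] tokenBytes = null;
    private String LTPA_OID = LTPAMechOID.value;
    private GSSCredential gssCred = null;
    private KRBAuthnToken krbAuthnToken = null;
    // Attribute store used for every mechanism other than LTPA.
    private Hashtable<String, String> kerberosData = new Hashtable<String, String>();
    private String KERBEROS_OID = KRB5MechOID.value;
    private ContextManager contextManager = null;
    private boolean isReadOnly = false;
    private Subject subjectReference = null;
    private short version = 1;

    /**
     * Creates an uninitialized token and, on first use, caches the configured
     * authentication-token factory class name.
     */
    public AuthenticationTokenImpl() {
        if (factoryClass == null) {
            factoryClass = SecurityObjectLocator.getSecurityConfig().getProperty("com.ibm.wsspi.security.token.authenticationTokenFactory");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "factoryClass:" + factoryClass);
            }
        }
    }

    /**
     * Adopts an already constructed token without validating it.
     *
     * @param str   mechanism OID used as the token name
     * @param token token to wrap; {@code null} is accepted (used by {@link #clone()}
     *              for Kerberos tokens)
     * @throws WSLoginFailedException declared for interface compatibility; not
     *                                thrown by the code visible here
     */
    public void initializeToken(String str, final Token token) throws WSLoginFailedException {
        this.tokenName = str;
        installToken(token);
        this.token = token;
    }

    /**
     * Validates serialized token bytes (token and realm) and adopts the result.
     *
     * <p>When a factory class is configured it is tried first; any failure there
     * is traced and the default validation is attempted instead.
     *
     * @param str  mechanism OID used as the token name
     * @param bArr serialized token; {@code null} is rejected
     * @throws WSLoginFailedException if the bytes are missing or validation fails;
     *                                other exceptions are wrapped with their cause
     */
    public void initializeToken(String str, byte[] bArr) throws WSLoginFailedException {
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Initializing authentication token.");
            }
            this.tokenName = str;
            this.contextManager = ContextManagerFactory.getInstance();
            LTPAServerObject ltpaServer = getLTPAServerObject();
            if (bArr == null) {
                WSLoginFailedException missingData = new WSLoginFailedException("wsSAPInboundLoginModule: Invalid authentication data");
                recordRootException(missingData);
                throw missingData;
            }
            this.token = null;
            try {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Using byte[] to create token for OID: " + this.tokenName);
                }
                if (factoryClass != null) {
                    try {
                        this.token = ltpaServer.validateTokenAndRealm(bArr, factoryClass);
                    } catch (Exception e) {
                        // Deliberate best effort: fall through to the default validation below.
                        Tr.debug(tc, "Exception validating LTPA token by using factoryClass.", new Object[]{e});
                    }
                }
                if (this.token == null) {
                    this.token = ltpaServer.validateTokenAndRealm(bArr);
                }
                installToken(this.token);
            } catch (WSLoginFailedException e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.token.AuthenticationTokenImpl.initializeToken", "181", this);
                Tr.debug(tc, "Exception validating LTPA token.", new Object[]{e2});
                recordRootException(e2);
                throw e2;
            } catch (Exception e3) {
                FFDCFilter.processException(e3, "com.ibm.ws.security.token.AuthenticationTokenImpl.initializeToken", "188", this);
                Tr.debug(tc, "Exception validating LTPA token.", new Object[]{e3});
                recordRootException(e3);
                throw new WSLoginFailedException(e3.getMessage(), e3);
            }
        } catch (Exception e4) {
            FFDCFilter.processException(e4, "com.ibm.ws.security.server.lm.wsSAPInboundLoginModule.login", "125", this);
            Tr.debug(tc, "Exception validating LTPA token.", new Object[]{e4});
            // contextManager is still null if ContextManagerFactory itself failed.
            recordRootException(e4);
            if (!(e4 instanceof WSLoginFailedException)) {
                throw new WSLoginFailedException(e4.getMessage(), e4);
            }
            throw ((WSLoginFailedException) e4);
        }
    }

    /**
     * Validates token bytes without refresh-on-expiry and without a mapped user id.
     *
     * @param subject subject that receives the Kerberos token, if any
     * @param str     mechanism OID used as the token name
     * @param bArr    serialized token
     * @throws WSLoginFailedException if validation fails
     */
    public void initializeToken(Subject subject, String str, byte[] bArr) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            // Concatenating a byte[] traces only its identity string, not its contents.
            Tr.entry(tc, "initializeToken(Subject,String,byte[])", new Object[]{"oid=" + str, "credToken=" + bArr});
        }
        initializeToken(subject, str, bArr, false);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeToken(Subject,String,byte[])");
        }
    }

    /**
     * Validates token bytes without a mapped user id.
     *
     * @param subject subject that receives the Kerberos token, if any
     * @param str     mechanism OID used as the token name
     * @param bArr    serialized token
     * @param z       passed to LTPA validation as the refresh-if-expired flag
     * @throws WSLoginFailedException if validation fails
     */
    public void initializeToken(Subject subject, String str, byte[] bArr, boolean z) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeToken(Subject,String,byte[],boolean)", new Object[]{"oid=" + str, "credToken=" + bArr, "refreshIfExpired=" + z});
        }
        initializeToken(subject, str, bArr, z, null);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeToken(Subject,String,byte[],boolean)");
        }
    }

    /**
     * Validates token bytes for the named mechanism and adopts the result.
     *
     * <p>For the Kerberos OID the bytes become a {@link KRBAuthnToken} (created
     * directly or via validation of an initSecContext token) which is also stored
     * in {@code subject} when one is given. For every other OID the bytes are
     * validated as an LTPA token.
     *
     * <p>NOTE(review): if Kerberos processing yields no {@code KRBAuthnToken} and
     * throws nothing, this method returns normally with no credential held, and
     * {@link #isValid()} then reports {@code true}. Confirm the helpers cannot
     * return {@code null}.
     *
     * @param subject subject that receives the Kerberos token; may be {@code null}
     * @param str     mechanism OID used as the token name
     * @param bArr    serialized token; {@code null} is rejected
     * @param z       passed to LTPA validation as the refresh-if-expired flag
     * @param str2    optional mapped user id stored on the Kerberos token; it later
     *                takes precedence over the Kerberos principal in
     *                {@link #getPrincipal()}, so it must come from a trusted source
     * @throws WSLoginFailedException if the bytes are missing or validation fails;
     *                                other exceptions are wrapped with their cause
     */
    public void initializeToken(Subject subject, String str, byte[] bArr, boolean z, String str2) throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeToken(Subject,String,byte[],boolean,mapUid)", new Object[]{"oid=" + str, "credToken=" + bArr, "refreshIfExpired=" + z, "mapUid=" + str2});
        }
        try {
            this.tokenName = str;
            this.contextManager = ContextManagerFactory.getInstance();
            LTPAServerObject ltpaServer = getLTPAServerObject();
            if (bArr == null) {
                WSLoginFailedException missingData = new WSLoginFailedException("wsSAPInboundLoginModule: Invalid authentication data");
                recordRootException(missingData);
                throw missingData;
            }
            try {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Using byte[] to create token for OID: " + this.tokenName);
                }
                if (this.tokenName.equals(this.KERBEROS_OID)) {
                    this.krbAuthnToken = null;
                    this.gssCred = null;
                    if (WSKRBAuthnTokenFactoryFactory.getFactory().isKRBAuthnToken(bArr)) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Create KRBAuthnToken.");
                        }
                        this.krbAuthnToken = WSKRBAuthnTokenFactoryFactory.getFactory().createToken(bArr);
                    } else {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Validate Kerberos initSecContext token.");
                        }
                        this.krbAuthnToken = Krb5WSCredentialUtils.validateToken(bArr);
                    }
                    if (this.krbAuthnToken != null) {
                        if (str2 != null && str2.length() > 0) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "krbAuthnToken addAttribute mapUid: " + str2);
                            }
                            this.krbAuthnToken.addTokenAttribute(CommonConstants.KRB_MAP_UID, str2);
                        }
                        this.gssCred = this.krbAuthnToken.getGSSCredential();
                        if (subject != null) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Add KRBAuthnToken to Subject.");
                            }
                            SubjectHelper.putKerberosAuthnTokenToSubject(this.krbAuthnToken, subject);
                        }
                    }
                } else {
                    if (tc.isDebugEnabled()) {
                        // Trace only the size. The raw bytes are a replayable credential
                        // and must not be copied into trace files.
                        Tr.debug(tc, "ltpaToken length: " + bArr.length);
                    }
                    this.token = ltpaServer.validateToken(bArr, z);
                    installToken(this.token);
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "initializeToken(Subject,String,byte[],boolean,String)");
                }
            } catch (WSLoginFailedException e) {
                // Kerberos clock-skew failures are reported without an FFDC record.
                if (!SecurityMessages.suppressFFDCforKrbSkewError(e)) {
                    FFDCFilter.processException(e, "com.ibm.ws.security.server.token.AuthenticationTokenImpl.initializeToken", "315", this);
                }
                Tr.debug(tc, "Exception validating LTPA token.", new Object[]{e});
                recordRootException(e);
                throw e;
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.server.lm.wsSAPInboundLoginModule.login", "322", this);
                Tr.debug(tc, "Exception validating LTPA token.", new Object[]{e2});
                recordRootException(e2);
                throw new WSLoginFailedException(e2.getMessage(), e2);
            }
        } catch (Exception e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.security.server.lm.wsSAPInboundLoginModule.login", "238", this);
            Tr.debug(tc, "Exception validating LTPA token.", new Object[]{e3});
            recordRootException(e3);
            if (!(e3 instanceof WSLoginFailedException)) {
                throw new WSLoginFailedException(e3.getMessage(), e3);
            }
            throw ((WSLoginFailedException) e3);
        }
    }

    /**
     * Adopts a GSS credential and stores it in the subject.
     *
     * <p>NOTE(review): unlike the other overloads this one does not assign the
     * token name from {@code str}, so a token initialized only through this
     * method has a {@code null} name. Confirm that callers set it elsewhere.
     *
     * @param subject       subject that receives the credential
     * @param str           mechanism OID (not used by this overload)
     * @param gSSCredential credential to adopt; {@code null} is rejected
     * @throws WSLoginFailedException if the credential is missing or cannot be
     *                                stored in the subject
     */
    public void initializeToken(Subject subject, String str, GSSCredential gSSCredential) throws WSLoginFailedException {
        if (gSSCredential == null) {
            WSLoginFailedException missingData = new WSLoginFailedException("wsSAPInboundLoginModule: Invalid authentication data");
            // This overload never obtains a ContextManager, so the field may be null here.
            recordRootException(missingData);
            throw missingData;
        }
        try {
            this.gssCred = gSSCredential;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Adding GSSCredential to Subject.");
            }
            SubjectHelper.putGSSCredentialInSubject(this.gssCred, subject);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.server.lm.wsSAPInboundLoginModule.login", "359", this);
            Tr.debug(tc, "Exception validating LTPA token.", new Object[]{e});
            recordRootException(e);
            throw new WSLoginFailedException(e.getMessage(), e);
        }
    }

    /**
     * Creates an LTPA token for a user id alone (identity assertion, no password
     * or credential is checked here).
     *
     * <p>The only gate visible in this method is the {@code mapCredential}
     * permission, and it is enforced only when a {@link SecurityManager} is
     * installed. Without one, any caller able to reach this method can obtain a
     * token for an arbitrary user id, so access must be restricted by other means.
     * The Kerberos mechanism is always refused.
     *
     * @param subject not used by this overload
     * @param str     mechanism OID used as the token name
     * @param str2    user id to create the token for; {@code null} is rejected
     * @throws WSLoginFailedException if the user id is missing, the mechanism is
     *                                Kerberos, the permission check fails (wrapped),
     *                                or token creation fails
     */
    public void initializeToken(Subject subject, String str, String str2) throws WSLoginFailedException {
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Initializing authentication token.");
            }
            this.tokenName = str;
            this.contextManager = ContextManagerFactory.getInstance();
            LTPAServerObject ltpaServer = getLTPAServerObject();
            if (str2 == null) {
                WSLoginFailedException missingData = new WSLoginFailedException("wsSAPInboundLoginModule: Invalid authentication data");
                recordRootException(missingData);
                throw missingData;
            }
            if (this.tokenName.equals(this.KERBEROS_OID)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Trying to login with just UID when using Kerberos auth mechanism, throwing WSLoginFailedException...");
                }
                throw new WSLoginFailedException("Cannot login with just UserID (no password) when using Kerberos auth mechanism.");
            }
            SecurityManager securityManager = System.getSecurityManager();
            if (securityManager != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                    Tr.debug(tc, "Expecting : " + MAP_CREDENTIAL.toString());
                }
                securityManager.checkPermission(MAP_CREDENTIAL);
            }
            try {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Using uid to create token using factroy: " + factoryClass);
                }
                this.token = ltpaServer.createLTPAToken(str2, factoryClass);
                installToken(this.token);
            } catch (WSLoginFailedException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.server.lm.wsSAPInboundLoginModule.login", "435", this);
                Tr.debug(tc, "Exception validating LTPA token.", new Object[]{e});
                recordRootException(e);
                throw e;
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.server.lm.wsSAPInboundLoginModule.login", "442", this);
                Tr.debug(tc, "Exception validating LTPA token.", new Object[]{e2});
                recordRootException(e2);
                throw new WSLoginFailedException(e2.getMessage(), e2);
            }
        } catch (Exception e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.security.server.lm.wsSAPInboundLoginModule.login", "384", this);
            Tr.debug(tc, "Exception validating LTPA token.", new Object[]{e3});
            recordRootException(e3);
            if (!(e3 instanceof WSLoginFailedException)) {
                throw new WSLoginFailedException(e3.getMessage(), e3);
            }
            throw ((WSLoginFailedException) e3);
        }
    }

    /**
     * Reports whether the token is currently usable.
     *
     * <p>LTPA: the current time is before {@link #getExpiration()}. Kerberos: the
     * GSS credential has remaining lifetime, or the {@code KRBAuthnToken} says it
     * is valid. A failure while querying the credential yields {@code false}.
     * Any other mechanism yields {@code false}.
     *
     * <p>NOTE(review): a Kerberos-named token holding neither a
     * {@code GSSCredential} nor a {@code KRBAuthnToken} is reported as valid
     * (fail-open). Tokens produced by {@link #clone()} are in that state. Kept
     * unchanged because callers may depend on it; confirm that every consumer
     * checks the underlying credential before trusting this answer.
     *
     * @return {@code true} if the token is considered valid
     */
    @Override
    public boolean isValid() {
        if (this.tokenName.equals(this.LTPA_OID)) {
            return new Date().before(new Date(getExpiration()));
        }
        if (!this.tokenName.equals(this.KERBEROS_OID)) {
            return false;
        }
        int remainingSeconds = 0;
        try {
            if (this.gssCred != null) {
                remainingSeconds = this.gssCred.getRemainingLifetime();
            } else {
                if (this.krbAuthnToken != null) {
                    return this.krbAuthnToken.isTokenValid();
                }
                // No credential held at all: treated as valid, see method note.
                remainingSeconds = 1;
            }
        } catch (Exception e) {
            Tr.debug(tc, "Exception getting expiraion from GSSCredential.", new Object[]{e});
        }
        return remainingSeconds > 0;
    }

    /**
     * Returns the expiration time in milliseconds since the epoch.
     *
     * <p>LTPA delegates to the superclass. Kerberos derives it from the GSS
     * credential's remaining lifetime, or asks the {@code KRBAuthnToken}. With no
     * credential, or when the lifetime query fails, the result is one second in
     * the past. Any other mechanism returns {@code -1}.
     *
     * @return expiration timestamp, or {@code -1} for an unknown mechanism
     */
    @Override
    public long getExpiration() {
        if (this.tokenName.equals(this.LTPA_OID)) {
            return super.getExpiration();
        }
        if (!this.tokenName.equals(this.KERBEROS_OID)) {
            return -1L;
        }
        long remainingSeconds = -1L;
        try {
            if (this.gssCred != null) {
                remainingSeconds = this.gssCred.getRemainingLifetime();
            } else if (this.krbAuthnToken != null) {
                return this.krbAuthnToken.getTokenExpiration();
            }
        } catch (Exception e) {
            Tr.debug(tc, "Exception getting expiraion from GSSCredential.", new Object[]{e});
        }
        // Multiply as long: in int arithmetic GSSCredential.INDEFINITE_LIFETIME
        // (Integer.MAX_VALUE) and any lifetime above ~24.8 days overflow, which
        // made a long-lived credential look already expired.
        return (remainingSeconds * 1000L) + System.currentTimeMillis();
    }

    /**
     * Reports whether the token may be forwarded downstream.
     *
     * @return {@code true} for LTPA; for Kerberos whatever the
     *         {@code KRBAuthnToken} reports; {@code false} otherwise
     */
    @Override
    public boolean isForwardable() {
        if (this.tokenName.equals(this.LTPA_OID)) {
            return true;
        }
        if (!this.tokenName.equals(this.KERBEROS_OID) || this.krbAuthnToken == null) {
            return false;
        }
        return this.krbAuthnToken.isTokenForwardable();
    }

    /**
     * Returns the principal stored under attribute {@code "u"}.
     *
     * <p>For Kerberos, when the attribute is not yet set, the principal is derived
     * from the held credential, converted with
     * {@code Krb5WSCredentialUtils.Krb5ToRegistryDN}, and cached as attribute
     * {@code "u"}. A mapped user id stored on the {@code KRBAuthnToken} takes
     * precedence over the Kerberos principal name, so the identity returned here
     * is only as trustworthy as the source of that mapped id.
     *
     * @return the principal, or {@code null} if none is available, the mechanism
     *         is unknown, or derivation fails
     */
    @Override
    public String getPrincipal() {
        if (this.tokenName.equals(this.LTPA_OID)) {
            String[] ltpaUser = getAttributes("u");
            if (ltpaUser == null || ltpaUser.length <= 0) {
                return null;
            }
            return ltpaUser[0];
        }
        if (!this.tokenName.equals(this.KERBEROS_OID)) {
            return null;
        }
        String[] cachedUser = getAttributes("u");
        if (cachedUser != null && cachedUser.length > 0) {
            return cachedUser[0];
        }
        if (this.gssCred == null && this.krbAuthnToken == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "GSSCredential is null, cannot get principal.");
            }
            return null;
        }
        String registryName = null;
        String krbPrincipal = null;
        String mapUid = null;
        try {
            if (this.krbAuthnToken != null) {
                krbPrincipal = this.krbAuthnToken.getTokenPrincipal() + "@" + this.krbAuthnToken.getTokenRealm();
                String[] mapped = this.krbAuthnToken.getTokenAttributes(CommonConstants.KRB_MAP_UID);
                if (mapped != null && mapped.length > 0) {
                    mapUid = mapped[0];
                }
            } else if (this.gssCred != null) {
                krbPrincipal = this.gssCred.getName().toString();
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Kerberos principal name: " + krbPrincipal);
                Tr.debug(tc, "mapUid: " + mapUid);
            }
            registryName = (mapUid == null || mapUid.length() <= 0) ? Krb5WSCredentialUtils.Krb5ToRegistryDN(krbPrincipal) : Krb5WSCredentialUtils.Krb5ToRegistryDN(mapUid);
            if (registryName != null && registryName.length() > 0) {
                // Silently skipped when the token is read-only (addAttribute returns null).
                addAttribute("u", registryName);
            }
        } catch (Exception e) {
            Tr.debug(tc, "Exception getting principal name from GSSCredential.", new Object[]{e});
        }
        return registryName;
    }

    /**
     * Returns the credential cache key stored in the token.
     *
     * @return the first value of the cache-key attribute, or {@code null} if the
     *         attribute is absent or empty
     */
    @Override
    public String getUniqueID() {
        String[] cacheKey = getAttributes(AttributeNameConstants.WSCREDENTIAL_CACHE_KEY);
        // Length guard matches getPrincipal(); an empty array previously threw
        // ArrayIndexOutOfBoundsException.
        if (cacheKey != null && cacheKey.length > 0 && cacheKey[0] != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found cache key in Authz token: " + cacheKey[0]);
            }
            return cacheKey[0];
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "No unique cache key found in token.");
        }
        return null;
    }

    /**
     * Returns the serialized token.
     *
     * @return the superclass bytes for LTPA; a zero-length array for any other
     *         mechanism; {@code null} if serialization throws (callers must
     *         handle both the empty and the {@code null} result)
     */
    @Override
    public byte[] getBytes() {
        if (!this.tokenName.equals(this.LTPA_OID)) {
            return new byte[0];
        }
        try {
            return super.getBytes();
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred getting bytes[] from token.", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.token.AbstractTokenImpl.getBytes", "663");
            return null;
        }
    }

    /** Returns the mechanism OID this token was initialized with. */
    @Override
    public String getName() {
        return this.tokenName;
    }

    /** Returns the token version held by this instance (initialized to 1). */
    @Override
    public short getVersion() {
        return this.version;
    }

    /** Always {@code false}: this implementation never represents basic auth. */
    @Override
    public boolean isBasicAuth() {
        return false;
    }

    /**
     * Marks the token read-only; later {@link #addAttribute(String, String)}
     * calls are ignored. There is no way to clear the flag in this class.
     */
    @Override
    public void setReadOnly() {
        this.isReadOnly = true;
    }

    /**
     * Looks up an attribute.
     *
     * @param str attribute key
     * @return superclass values for LTPA; otherwise a single-element array from
     *         the local table, or {@code null} if the key is absent
     */
    @Override
    public String[] getAttributes(String str) {
        if (this.tokenName.equals(this.LTPA_OID)) {
            return super.getAttributes(str);
        }
        String value = this.kerberosData.get(str);
        if (value != null) {
            return new String[]{value};
        }
        return null;
    }

    /**
     * Adds an attribute unless the token is read-only.
     *
     * <p>Keys starting with {@code com.ibm.wsspi.security} or
     * {@code com.ibm.websphere.security} require the {@code updateToken}
     * permission, enforced only when a {@link SecurityManager} is installed. The
     * permission check runs before the read-only test, so a denied caller gets a
     * {@link SecurityException} even on a read-only token.
     *
     * @param str  attribute key
     * @param str2 attribute value
     * @return the previous value(s), or {@code null} if there were none or the
     *         token is read-only (the two cases are indistinguishable to callers)
     */
    @Override
    public String[] addAttribute(String str, String str2) {
        SecurityManager securityManager;
        if ((str.startsWith("com.ibm.wsspi.security") || str.startsWith("com.ibm.websphere.security")) && (securityManager = System.getSecurityManager()) != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                Tr.debug(tc, "Expecting : " + UPDATE_TOKEN.toString());
            }
            securityManager.checkPermission(UPDATE_TOKEN);
        }
        if (this.isReadOnly) {
            return null;
        }
        if (this.tokenName.equals(this.LTPA_OID)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting attribute with key: " + str);
            }
            return super.addAttribute(str, str2);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Setting Kerberos data with key: " + str);
        }
        // Hashtable rejects null keys and values with NullPointerException.
        String previous = this.kerberosData.put(str, str2);
        if (previous != null) {
            return new String[]{previous};
        }
        return null;
    }

    /**
     * Returns the attribute keys: the superclass enumeration for LTPA, otherwise
     * the keys of the local table.
     */
    @Override
    public Enumeration getAttributeNames() {
        return this.tokenName.equals(this.LTPA_OID) ? super.getAttributeNames() : this.kerberosData.keys();
    }

    /**
     * Creates a copy of this token.
     *
     * <p>As a side effect this instance's {@code token} field is refreshed from
     * the superclass. For Kerberos the copy carries only the token name: the
     * {@code KRBAuthnToken}, the {@code GSSCredential} and the local attribute
     * table are not copied, and the read-only flag is not copied for any
     * mechanism. NOTE(review): combined with {@link #isValid()}, a Kerberos clone
     * reports itself valid without holding any credential.
     *
     * @return the copy, or {@code null} if cloning fails
     */
    @Override
    public Object clone() {
        try {
            AuthenticationTokenImpl copy = new AuthenticationTokenImpl();
            this.token = (Token) AccessController.doPrivileged(new PrivilegedAction() {
                @Override
                public Object run() {
                    return AuthenticationTokenImpl.this.getToken();
                }
            });
            if (this.tokenName.equals(this.KERBEROS_OID)) {
                copy.initializeToken(this.tokenName, (Token) null);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "tokenName is Kerberos, using krbAuthnToken instead of LTPA for authenticationToken");
                }
            } else {
                copy.initializeToken(this.tokenName, (Token) this.token.clone());
            }
            return copy;
        } catch (Exception e) {
            Tr.debug(tc, "Exception creating clone of authentication token.", new Object[]{e});
            FFDCFilter.processException(e, "com.ibm.ws.security.ltpa.LTPAToken.clone", "829");
            return null;
        }
    }

    /** Refreshes the GSS credential from the referenced subject, if one is set. */
    private void getGSSCredFromSubject() {
        if (this.subjectReference != null) {
            this.gssCred = SubjectHelper.getGSSCredentialFromSubject(this.subjectReference);
        }
    }

    /** Hands the token to the superclass inside a privileged block. */
    private void installToken(final Token newToken) {
        AccessController.doPrivileged(new PrivilegedAction() {
            @Override
            public Object run() {
                AuthenticationTokenImpl.this.setToken(newToken);
                return null;
            }
        });
    }

    /** Records the failure on the context manager when one has been obtained. */
    private void recordRootException(Exception failure) {
        ContextManager manager = this.contextManager;
        if (manager != null) {
            manager.setRootException(failure);
        }
    }

    /** Fetches the LTPA server object inside a privileged block. */
    private LTPAServerObject lookupLtpaServer() throws PrivilegedActionException {
        return (LTPAServerObject) AccessController.doPrivileged(new PrivilegedExceptionAction() {
            @Override
            public Object run() throws Exception {
                return LTPAServerObject.getLTPAServer();
            }
        });
    }

    /**
     * Returns the LTPA server object, cached per instance except in an AdminAgent
     * process, where it is looked up on every call.
     *
     * @return the server object, or {@code null} when the privileged lookup fails
     *         with {@link PrivilegedActionException} (recorded via FFDC only)
     * @throws WSLoginFailedException if any other exception occurs
     */
    private LTPAServerObject getLTPAServerObject() throws WSLoginFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getLTPAServerObject");
        }
        LTPAServerObject ltpaServer = null;
        try {
            if (this._scm == null) {
                this._scm = SecurityObjectLocator.getSecurityConfigManager();
            }
            if (this._scm == null || !this._scm.isAdminAgent()) {
                if (this._ltpaServer == null) {
                    this._ltpaServer = lookupLtpaServer();
                }
                ltpaServer = this._ltpaServer;
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "in AdminAgent process, get LTPAServerObject from thread each time");
                    Tr.debug(tc, "AdminContext.peek() = " + AdminContext.peek());
                }
                ltpaServer = lookupLtpaServer();
            }
        } catch (PrivilegedActionException e) {
            // Not rethrown: callers receive null and fail on first use.
            Tr.debug(tc, "PrivilegedActionException getting LTPAServerObject", new Object[]{e});
            FFDCFilter.processException(e, "com.ibm.ws.security.token.AuthenticationTokenImpl.LTPAServerObject", "896");
        } catch (Exception e2) {
            Tr.debug(tc, "Exception getting LTPAServerObject", new Object[]{e2});
            FFDCFilter.processException(e2, "com.ibm.ws.security.token.AuthenticationTokenImpl.LTPAServerObject", "901");
            throw new WSLoginFailedException(e2.getMessage(), e2);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getLTPAServerObject", ltpaServer);
        }
        return ltpaServer;
    }
}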
