package com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl;

import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.ws.wssecurity.platform.websphere.token.KRB5TokenImpl;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.wssapi.token.impl.LTPATokenImpl;
import com.ibm.ws.wssecurity.wssapi.token.impl.LTPAv2TokenImpl;
import com.ibm.wsspi.security.auth.callback.WSTokenHolderCallback;
import com.ibm.wsspi.security.token.TokenHolder;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.List;
import java.util.Map;
import java.util.Vector;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/platform/websphere/wssapi/token/impl/wssTokenPropagationInboundLoginModule.class */
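/**
 * JAAS {@link LoginModule} that restores propagated WS-Security tokens on the inbound side.
 *
 * <p>{@link #login()} asks the callback handler for a list of {@link TokenHolder} entries,
 * rebuilds a token object for each recognised holder name, and {@link #commit()} adds every
 * rebuilt {@link SecurityToken} to the Subject's private credentials.
 *
 * <p>NOTE(review): nothing in this class verifies the holder bytes before they are handed to
 * the token implementations. Presumably the component that fills the callback has already
 * authenticated the propagated data; confirm before relying on these credentials for
 * authorization decisions.
 */
public class wssTokenPropagationInboundLoginModule implements LoginModule {
    private static final TraceComponent tc = Tr.register(wssTokenPropagationInboundLoginModule.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String UNT = "security.wssecurity_http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken";
    private static final String X509T = "security.wssecurity_http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
    private static final String LTPAT = "security.wssecurity_http://www.ibm.com/websphere/appserver/tokentype/5.0.2#LTPA";
    private static final String LTPAv2T = "security.wssecurity_http://www.ibm.com/websphere/appserver/tokentype#LTPAv2";
    private static final String KRBV5 = "security.wssecurity_http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5_AP_REQ";
    // Only holders that report this version are restored; any other version is skipped.
    private static final int EXPECTED_HOLDER_VERSION = 1;

    // Tokens rebuilt by login() and not yet published by commit(); null when there is nothing pending.
    private Vector<Object> allTokens = null;
    private Subject subject;
    private CallbackHandler callbackHandler;
    // Stored by initialize() but not read anywhere in this class.
    private Map _sharedState;
    private Map options;

    /**
     * Stores the JAAS context handed over by the login framework.
     *
     * @param subject the Subject that {@link #commit()} adds the restored tokens to
     * @param callbackHandler handler used by {@link #login()} to obtain the token holder list
     * @param map shared state map (kept, not used by this class)
     * @param map2 module options (kept, not used by this class)
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this._sharedState = map;
        this.options = map2;
    }

    /**
     * Rebuilds a token object for every recognised holder returned by the callback handler.
     *
     * <p>Holders with an unrecognised name, or with a version other than
     * {@code EXPECTED_HOLDER_VERSION}, are skipped without any trace output beyond the
     * per-holder debug line.
     *
     * @return {@code true} when the callback was handled and every holder was processed;
     *         {@code false} when any exception occurred, in which case no tokens are kept
     * @throws LoginException declared by the interface; this implementation reports failures
     *         through the {@code false} return value instead
     */
    @Override
    public boolean login() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "login");
        }
        WSTokenHolderCallback[] callbacks = {new WSTokenHolderCallback("Authentication Token List: ")};
        try {
            this.callbackHandler.handle(callbacks);
            this.allTokens = new Vector<Object>();
            List<?> holders = callbacks[0].getTokenHolderList();
            if (holders != null) {
                for (int i = 0; i < holders.size(); i++) {
                    TokenHolder tokenHolder = (TokenHolder) holders.get(i);
                    String name = tokenHolder.getName();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Restore authentication token: " + name);
                    }
                    // A null name throws on the first equals() below and is handled by the catch,
                    // i.e. the whole login attempt is reported as failed.
                    if (name.equals(UNT) && tokenHolder.getVersion() == EXPECTED_HOLDER_VERSION) {
                        WasUsernameTokenImpl usernameToken = new WasUsernameTokenImpl();
                        usernameToken.initialize(tokenHolder.getBytes());
                        this.allTokens.addElement(usernameToken);
                    } else if (name.equals(X509T) && tokenHolder.getVersion() == EXPECTED_HOLDER_VERSION) {
                        WasX509TokenImpl x509Token = new WasX509TokenImpl();
                        x509Token.initialize(tokenHolder.getBytes());
                        this.allTokens.addElement(x509Token);
                    } else if (name.equals(LTPAT) && tokenHolder.getVersion() == EXPECTED_HOLDER_VERSION) {
                        LTPATokenImpl ltpaToken = new LTPATokenImpl();
                        ltpaToken.initialize(tokenHolder.getBytes());
                        this.allTokens.addElement(ltpaToken);
                    } else if (name.equals(LTPAv2T) && tokenHolder.getVersion() == EXPECTED_HOLDER_VERSION) {
                        LTPAv2TokenImpl ltpaV2Token = new LTPAv2TokenImpl();
                        ltpaV2Token.initialize(tokenHolder.getBytes());
                        this.allTokens.addElement(ltpaV2Token);
                    } else if (name.equals(KRBV5) && tokenHolder.getVersion() == EXPECTED_HOLDER_VERSION) {
                        this.allTokens.addElement(new KRB5TokenImpl(tokenHolder.getBytes()));
                    }
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login");
            }
            return true;
        } catch (Exception e) {
            // commit() publishes whatever is pending without checking how login() ended, so a
            // failed attempt must not leave tokens behind (neither the ones restored before the
            // failure nor any left over from an earlier call on this instance).
            this.allTokens = null;
            // NOTE(review): the failure is visible only when debug trace is enabled, and only the
            // stack frames are traced, not the exception type or message.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Fail to handle callbackhandler.", e.getStackTrace());
            }
            return false;
        }
    }

    /**
     * Moves every pending {@link SecurityToken} into the Subject's private credentials.
     *
     * <p>Pending entries are consumed from the end of the list; entries that are not a
     * {@link SecurityToken} are dropped. A token already contained in the credential set is
     * not added again.
     *
     * @return always {@code true}
     * @throws LoginException if the credential set cannot be read or modified; the underlying
     *         exception is attached as the cause
     */
    @Override
    public boolean commit() throws LoginException {
        while (this.allTokens != null && !this.allTokens.isEmpty()) {
            Object pending = this.allTokens.lastElement();
            this.allTokens.remove(pending);
            if (pending instanceof SecurityToken) {
                final SecurityToken securityToken = (SecurityToken) pending;
                try {
                    // Run privileged so the credential set is accessed with this module's own
                    // permissions rather than those of every caller on the stack.
                    AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                        @Override
                        public Object run() throws LoginException {
                            try {
                                if (!wssTokenPropagationInboundLoginModule.this.subject.getPrivateCredentials().contains(securityToken)) {
                                    wssTokenPropagationInboundLoginModule.this.subject.getPrivateCredentials().add(securityToken);
                                }
                                return null;
                            } catch (Exception e) {
                                throw toLoginException(e);
                            }
                        }
                    });
                } catch (PrivilegedActionException e) {
                    // Unwrap so the caller sees the original failure, not the wrapper's message.
                    throw toLoginException(e.getException());
                } catch (Exception e) {
                    throw toLoginException(e);
                }
            }
        }
        return true;
    }

    /**
     * Discards tokens restored by {@link #login()} that have not been committed yet.
     *
     * <p>NOTE(review): tokens that {@link #commit()} already added to the Subject are not
     * removed here; whether another component cleans the Subject is not visible from this class.
     *
     * @return always {@code false}
     */
    @Override
    public boolean abort() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "abort()");
        }
        this.allTokens = null;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "abort()");
        }
        return false;
    }

    /**
     * Emits entry/exit trace only.
     *
     * <p>NOTE(review): the tokens added to the Subject's private credentials by
     * {@link #commit()} stay there after logout; confirm that the Subject is discarded or
     * cleaned elsewhere.
     *
     * @return always {@code false}
     */
    @Override
    public boolean logout() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "logout()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "logout()");
        }
        return false;
    }

    /** Returns {@code failure} itself when it already is a LoginException, else wraps it with its message and cause. */
    private static LoginException toLoginException(Throwable failure) {
        if (failure instanceof LoginException) {
            return (LoginException) failure;
        }
        LoginException wrapped = new LoginException(failure.getMessage());
        wrapped.initCause(failure);
        return wrapped;
    }
}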
