package com.ibm.ws.security.auth;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.security.util.Base64Coder;
import com.ibm.ws.security.util.StringUtil;
import com.ibm.wsspi.security.token.SingleSignonToken;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Set;
import javax.security.auth.Subject;

/* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/auth/LtpaAuthPropagation.class */
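/**
 * Builds the {@link AuthPropagationValue} for an LTPA single sign-on token found on one of the
 * subjects associated with the current thread.
 *
 * <p>The value produced here carries the raw token bytes and their Base64 form. An SSO token is a
 * bearer credential, so everything this class hands out (the returned value and anything written
 * to trace) should be treated as secret material by callers and by whoever collects trace output.
 */
public class LtpaAuthPropagation implements AuthPropagation {
    private final ContextManager ctxMgr = ContextManagerFactory.getInstance();
    private static final TraceComponent tc = Tr.register(LtpaAuthPropagation.class, "Security", AdminConstants.MSG_BUNDLE_NAME);
    private static final SecurityConfig security = SecurityObjectLocator.getSecurityConfig();

    /**
     * Looks for an LTPA token on the run-as subject, then the invocation subject, then the caller
     * subject, and returns the propagation value for the first subject that yields one.
     *
     * @return the propagation value, or {@code null} when no subject carries a matching token
     * @throws Exception whatever the subject lookups throw; it is traced at debug level and rethrown
     */
    @Override // com.ibm.ws.security.auth.AuthPropagation
    public AuthPropagationValue getPropagationValue() throws Exception {
        Subject callerSubject = null;
        Subject invocationSubject = null;
        AuthPropagationValue authPropagationValue = null;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPropagationValue");
        }
        try {
            // Read the run-as subject once; the original fetched it a second time inside the
            // null check, which added nothing.
            Subject runAsSubject = WSSubject.getRunAsSubject();
            if (runAsSubject != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "getPropagationValue trying runAsSubject");
                }
                authPropagationValue = getSingleSignonTokensFromSubject(runAsSubject);
            }
            if (authPropagationValue == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "getPropagationValue trying invocationSubject");
                }
                invocationSubject = this.ctxMgr.getInvocationSubject();
                if (invocationSubject != null) {
                    authPropagationValue = getSingleSignonTokensFromSubject(invocationSubject);
                }
            }
            if (authPropagationValue == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "getPropagationValue trying callerSubject");
                }
                callerSubject = this.ctxMgr.getCallerSubject();
                if (callerSubject != null) {
                    authPropagationValue = getSingleSignonTokensFromSubject(callerSubject);
                }
            }
            if (runAsSubject == null && invocationSubject == null && callerSubject == null && tc.isDebugEnabled()) {
                Tr.debug(tc, "runAsSubject, invocationSubject and callerSubject on the thread are all null");
            }
            if (tc.isEntryEnabled()) {
                // NOTE(review): this writes authPropagationValue.toString() to trace. The
                // implementation of LtpaAuthPropagationValue.toString() is not visible here;
                // confirm it does not print the token bytes or cookie value, since trace files
                // are routinely copied off the server.
                Tr.exit(tc, "getAuthnTokenValue: " + (authPropagationValue == null ? "null" : authPropagationValue.toString()));
            }
            return authPropagationValue;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "caught exception: " + e.getMessage());
            }
            throw e;
        }
    }

    /**
     * Collects the {@link SingleSignonToken} credentials of {@code subject} (private and public)
     * and builds a propagation value from the first one whose name is {@code "LtpaToken"} or the
     * configured LTPA2 cookie name.
     *
     * <p>Only the private-credential read runs inside {@code doPrivileged}; the public-credential
     * read and the rest of the method run with the caller's permissions.
     *
     * @param subject the subject to inspect; {@code null} yields {@code null}
     * @return the propagation value, or {@code null} when no matching token exists or when any
     *     exception occurs (the exception is reported through FFDC, not rethrown)
     */
    private AuthPropagationValue getSingleSignonTokensFromSubject(final Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSingleSignonTokensFromSubject");
        }
        AuthPropagationValue authPropagationValue = null;
        try {
            if (subject != null) {
                Set<SingleSignonToken> ssoTokens = new HashSet<SingleSignonToken>();
                try {
                    // The cast is needed if the project's AccessController returns Object.
                    @SuppressWarnings("unchecked")
                    Set<SingleSignonToken> privateTokens = (Set<SingleSignonToken>) AccessController.doPrivileged(new PrivilegedAction<Set<SingleSignonToken>>() { // from class: com.ibm.ws.security.auth.LtpaAuthPropagation.1
                        @Override // java.security.PrivilegedAction
                        public Set<SingleSignonToken> run() {
                            return subject.getPrivateCredentials(SingleSignonToken.class);
                        }
                    });
                    if (privateTokens != null && !privateTokens.isEmpty()) {
                        ssoTokens.addAll(privateTokens);
                    }
                    Set<SingleSignonToken> publicTokens = subject.getPublicCredentials(SingleSignonToken.class);
                    if (publicTokens != null && !publicTokens.isEmpty()) {
                        ssoTokens.addAll(publicTokens);
                    }
                    // The original tested the freshly created set against null, which is always
                    // true, so the "no ssotoken found" trace could never be emitted.
                    if (!ssoTokens.isEmpty()) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "getSingleSignonTokensFromSubject got a  not null ssoTokensFromSubject");
                        }
                        // NOTE(review): the first matching token wins and HashSet iteration order
                        // is unspecified. If a subject carries both an "LtpaToken" and an LTPA2
                        // token, which one is propagated is not deterministic; if one format is
                        // preferred it has to be selected explicitly.
                        for (SingleSignonToken ssoToken : ssoTokens) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "getSingleSignonTokensFromSubject getting next ssoToken");
                            }
                            String name = ssoToken.getName();
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "getSingleSignonTokensFromSubject this ssoToken name is: " + name);
                            }
                            if (name == null) {
                                // A nameless token cannot match; skip it instead of letting an
                                // NPE abort the lookup for the remaining tokens.
                                continue;
                            }
                            if (name.equals("LtpaToken") || name.equals(security.getLTPA2CookieName())) {
                                authPropagationValue = constructAuthValue(ssoToken);
                                break;
                            }
                        }
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "getSingleSignonTokensFromSubject: no ssotoken found for this subject");
                    }
                } catch (Exception e) {
                    FFDCFilter.processException(e, "com.ibm.ws.security.WebAttributes.getSingleSignonToken", "250");
                    // Tr.debug was guarded by isEntryEnabled(); use the matching debug guard.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "getSingleSignonTokensFromSubject caught exception", new Object[]{e});
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "getSingleSignonTokensFromSubject: returning (null)");
                    }
                    return null;
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getSingleSignonTokensFromSubject");
            }
            return authPropagationValue;
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.auth.LtpaAuthPropagation.getSingleSignonTokensFromSubject", "261");
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getSingleSignonTokensFromSubject caught exception and returning null", new Object[]{e2});
            }
            return null;
        }
    }

    /**
     * Packs the token's name, version, raw bytes and Base64-encoded bytes into an
     * {@link LtpaAuthPropagationValue}.
     *
     * @param singleSignonToken the token to propagate
     * @return a value whose backing table holds the keys {@code token_bytes}, {@code token_name},
     *     {@code token_version}, {@code WSCookie.COOKIE_NAME} and {@code WSCookie.COOKIE_VALUE}
     */
    @SuppressWarnings({"rawtypes", "unchecked"}) // the LtpaAuthPropagationValue constructor's parameter type is not visible here
    private AuthPropagationValue constructAuthValue(SingleSignonToken singleSignonToken) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "constructValue");
        }
        String name = singleSignonToken.getName();
        byte[] bytes = singleSignonToken.getBytes();
        String base64Encode = Base64Coder.base64Encode(StringUtil.toString(bytes));
        short version = singleSignonToken.getVersion();
        // Same text as the original new Short(version).toString(), without the deprecated constructor.
        String cookieName = name + Short.toString(version);
        Hashtable tokenAttributes = new Hashtable();
        // NOTE(review): new String(bytes) decodes with the platform default charset, so the
        // result can differ between JVMs and is lossy if the token bytes are not valid text in
        // that charset. Left unchanged because the consumers of "token_bytes" are not visible
        // here; confirm what they expect before pinning a charset.
        tokenAttributes.put("token_bytes", new String(bytes));
        tokenAttributes.put("token_name", name);
        tokenAttributes.put(WSCookie.COOKIE_NAME, cookieName);
        tokenAttributes.put("token_version", String.valueOf((int) version));
        tokenAttributes.put(WSCookie.COOKIE_VALUE, base64Encode);
        LtpaAuthPropagationValue ltpaAuthPropagationValue = new LtpaAuthPropagationValue(tokenAttributes);
        if (tc.isEntryEnabled()) {
            // NOTE(review): the value just built contains the token; confirm that
            // LtpaAuthPropagationValue.toString() redacts it before this reaches trace.
            Tr.exit(tc, ltpaAuthPropagationValue.toString());
        }
        return ltpaAuthPropagationValue;
    }
}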
