package com.ibm.ws.security.common.auth.module;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.PlatformCredential;
import com.ibm.ws.security.common.util.AuditConstants;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.zOS.PlatformCredentialManager;
import com.ibm.ws.util.PlatformHelperFactory;
import com.ibm.wsspi.management.agent.AdminSubsystemExtensionHandler;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import java.util.Map;
import java.util.ResourceBundle;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.openjpa.conf.AutoDetachValue;
import org.aspectj.apache.bcel.Constants;

/* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/common/auth/module/MapPlatformSubject.class */
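/**
 * JAAS {@link LoginModule} that, when running on z/OS, builds a {@link PlatformCredential}
 * for the login in progress and attaches it to the {@link WSCredential} found in the JAAS
 * shared state.
 *
 * <p>The module authenticates nothing itself. It consumes values that earlier modules in the
 * login stack placed in the shared state (the WSPrincipal/WSCredential keys, the z/OS user id,
 * the z/OS audit string and the caller principal class) and trusts them as given, so its
 * position in the login configuration is part of its security contract.
 *
 * <p>NOTE(review): the trace method names below resolve through constants in unrelated classes
 * (AspectJ BCEL {@code Constants}, OpenJPA {@code AutoDetachValue}, {@code AuditConstants},
 * {@code AdminSubsystemExtensionHandler}). This file is decompiler output, so these are
 * presumably substitutions for plain string literals; confirm against the original source.
 *
 * <p>Instances hold per-login state in fields and show no synchronization.
 */
public class MapPlatformSubject implements LoginModule {
    private static final TraceComponent tc = Tr.register(MapPlatformSubject.class, "Security", AdminConstants.MSG_BUNDLE_NAME);
    // Not referenced in this class; kept because loading the bundle is a class-initialization side effect.
    private static final ResourceBundle msgBundle = ResourceBundle.getBundle(AdminConstants.MSG_BUNDLE_NAME);
    private Subject subject = null;
    private CallbackHandler callbackHandler = null;
    private Map sharedState = null;
    private Map options = null;
    // True only between a successful login() and the next cleanup().
    private boolean succeeded = false;
    // WSCredential taken from the shared state in login(); commit() writes the mapping onto it.
    private WSCredential credential = null;
    // Platform credential created in login(); stays null when the z/OS branch is not taken.
    private PlatformCredential pc = null;
    private String principalClass = null;

    /** Creates the module; all state is supplied later through {@link #initialize}. */
    public MapPlatformSubject() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, Constants.CONSTRUCTOR_NAME);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, Constants.CONSTRUCTOR_NAME, this);
        }
    }

    /**
     * Stores the JAAS-supplied context for later phases.
     *
     * @param subject the subject being authenticated
     * @param callbackHandler the handler supplied by the login context
     * @param map the shared state of the login stack
     * @param map2 the options configured for this module
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        if (tc.isEntryEnabled()) {
            // NOTE(review): entry trace receives the subject and both maps. Shared state can carry
            // credentials placed there by earlier modules; what ends up in the trace log depends on
            // their toString() - confirm trace output is treated as sensitive or mask these values.
            Tr.entry(tc, AdminSubsystemExtensionHandler.INITIALIZE, new Object[]{subject, callbackHandler, map, map2});
        }
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, AdminSubsystemExtensionHandler.INITIALIZE);
        }
    }

    /**
     * Selects the platform credential and caller principal class for this login.
     *
     * <p>The platform mapping runs only on z/OS, and only when the active registry is not
     * {@code LOCALOS} or the shared state carries a z/OS user id. In that case both the
     * WSPrincipal and WSCredential keys must be present in the shared state.
     *
     * @return {@code true} when the phase completes
     * @throws LoginException if the mapping is required and the WSPrincipal or WSCredential key
     *     is missing from the shared state
     */
    public boolean login() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "login()");
        }
        // Evaluated before the platform check, as in the original, so the registry lookup
        // happens on every platform. A primitive replaces the boxed Boolean, whose null test
        // could never be true.
        boolean localOsRegistry = SecurityObjectLocator.getSecurityConfig().getActiveUserRegistry().getType().equals("LOCALOS");
        if (PlatformHelperFactory.getPlatformHelper().isZOS() && (!localOsRegistry || this.sharedState.containsKey(AttributeNameConstants.ZOS_USERID))) {
            if (!this.sharedState.containsKey(com.ibm.wsspi.security.auth.callback.Constants.WSPRINCIPAL_KEY) || !this.sharedState.containsKey(com.ibm.wsspi.security.auth.callback.Constants.WSCREDENTIAL_KEY)) {
                this.succeeded = false;
                WSLoginFailedException wSLoginFailedException = new WSLoginFailedException("A WSPrincipal or WSCredential does not exist in the shared state.");
                Tr.event(tc, "Throwing LoginException from login", wSLoginFailedException);
                throw wSLoginFailedException;
            }
            // Only key presence is checked above: a key mapped to null passes here and surfaces
            // later as a failure in commit().
            this.credential = (WSCredential) this.sharedState.get(com.ibm.wsspi.security.auth.callback.Constants.WSCREDENTIAL_KEY);
            // Both values are taken from shared state without validation; they are whatever an
            // earlier module in the stack stored there.
            String zosUserId = (String) this.sharedState.get(AttributeNameConstants.ZOS_USERID);
            String zosAuditString = (String) this.sharedState.get(AttributeNameConstants.ZOS_AUDIT_STRING);
            if (isServerCred()) {
                this.pc = PlatformCredentialManager.instance().createServerCredential();
            } else if (zosUserId != null) {
                this.pc = PlatformCredentialManager.instance().createCredential(zosUserId, zosAuditString);
            } else {
                // NOTE(review): no z/OS user id means the login is mapped to the default platform
                // credential. Which identity that is cannot be seen from here - confirm it is the
                // least-privileged one intended for unmapped users.
                this.pc = PlatformCredentialManager.instance().createDefaultCredential();
            }
        }
        // NOTE(review): the principal class name is taken from shared state as-is. How the value is
        // consumed once stored on the credential is not visible here - verify it is not used
        // to load a class without an allow-list.
        if (this.sharedState.containsKey(AttributeNameConstants.CALLER_PRINCIPAL_CLASS)) {
            this.principalClass = (String) this.sharedState.get(AttributeNameConstants.CALLER_PRINCIPAL_CLASS);
        } else {
            this.principalClass = AttributeNameConstants.DEFAULT_CALLER_PRINCIPAL_CLASS;
        }
        this.succeeded = true;
        if (tc.isEntryEnabled()) {
            // Boolean.valueOf replaces the deprecated Boolean constructor.
            Tr.exit(tc, AuditConstants.LOGIN, Boolean.valueOf(this.succeeded));
        }
        return this.succeeded;
    }

    /**
     * Reports whether the credential read in {@link #login()} is a server credential, as judged
     * by {@code isInternalServerCredential} or {@code isServerCred} on the context manager.
     *
     * <p>The decompiled listing had an empty {@code try} block with both checks placed after it,
     * which left the FFDC handler unreachable. The checks are back inside the {@code try}; when
     * they throw, the failure is recorded and the credential is treated as not a server
     * credential, so an error never selects the server platform credential.
     *
     * @return {@code true} if either check identifies a server credential; {@code false}
     *     otherwise, including when a check throws
     */
    protected boolean isServerCred() {
        boolean serverCred = false;
        try {
            serverCred = ContextManagerFactory.getInstance().isInternalServerCredential(this.credential)
                    || ContextManagerFactory.getInstance().isServerCred(this.credential);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.common.auth.module.MapPlatformSubject.login", "207", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception calling isServerCred: ", new Object[]{e});
            }
        }
        return serverCred;
    }

    /**
     * Writes the platform credential and caller principal class onto the WSCredential, then
     * clears this module's state.
     *
     * @return {@code true} always, unless an exception is raised
     * @throws LoginException wrapping any exception raised while updating the credential
     */
    public boolean commit() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, AutoDetachValue.DETACH_COMMIT);
        }
        try {
            // Nothing is written unless login() both succeeded and produced a platform credential.
            if (this.pc != null && this.succeeded) {
                this.credential.set(CommonConstants.PLATFORM_CREDENTIAL, this.pc);
                this.credential.set(AttributeNameConstants.CALLER_PRINCIPAL_CLASS, this.principalClass);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, AutoDetachValue.DETACH_COMMIT, Boolean.TRUE);
            }
            return true;
        } catch (Exception e) {
            WSLoginFailedException wSLoginFailedException = new WSLoginFailedException(e);
            Tr.event(tc, "Throwing LoginException from commit", wSLoginFailedException);
            throw wSLoginFailedException;
        } finally {
            // Module references are dropped on both the success and the failure path.
            cleanup();
        }
    }

    /**
     * Discards the state gathered by {@link #login()}.
     *
     * @return {@code true} always
     */
    public boolean abort() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "abort");
        }
        cleanup();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "abort", Boolean.TRUE);
        }
        return true;
    }

    /**
     * Clears this module's fields.
     *
     * <p>NOTE(review): the attributes that {@link #commit()} set on the WSCredential are not
     * removed here, and commit() has already dropped the module's reference to that credential.
     * Whether the platform credential is released elsewhere at logout is not visible in this
     * class - confirm.
     *
     * @return {@code true} always
     */
    public boolean logout() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "logout");
        }
        cleanup();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "logout", Boolean.TRUE);
        }
        return true;
    }

    /** Resets the per-login fields so no credential reference outlives the login attempt. */
    private void cleanup() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "cleanup");
        }
        this.pc = null;
        this.principalClass = null;
        this.credential = null;
        this.succeeded = false;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "cleanup");
        }
    }
}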
