package com.ibm.ws.security.common.auth.module;

import com.ibm.ISecurityUtilityImpl.SecurityServer;
import com.ibm.ejs.ras.RasHelper;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.websphere.naming.PROPS;
import com.ibm.websphere.security.auth.AuthenticationFailedException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.auth.WSPrincipal;
import com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl;
import com.ibm.websphere.security.auth.callback.WSCredTokenCallbackImpl;
import com.ibm.websphere.security.auth.callback.WSRealmNameCallbackImpl;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.security.auth.BasicAuthData;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.auth.WSLoginHelperImpl;
import com.ibm.ws.security.common.auth.util.CredentialsHelper;
import com.ibm.ws.security.common.auth.util.Util;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.core.SecurityContext;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.util.AccessController;
import com.ibm.wsspi.security.auth.callback.Constants;
import com.ibm.wsspi.security.auth.callback.WSAppContextCallback;
import java.io.IOException;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.util.Hashtable;
import java.util.Map;
import javax.naming.InitialContext;
import javax.rmi.PortableRemoteObject;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:wasJars/wssec.jar:com/ibm/ws/security/common/auth/module/WSLoginModuleImpl.class */
public class WSLoginModuleImpl implements LoginModule {
    private Subject subject;
    private Subject login_subject;
    private CallbackHandler callbackHandler;
    private Map sharedState;
    private Map options;
    private WSPrincipal principal;
    private WSCredential credential;
    private static SecurityServer securityServer = null;
    public static boolean retry = true;
    public static boolean calledSecurityServer = false;
    private static final TraceComponent tc = Tr.register(WSLoginModuleImpl.class, (String) null, AdminConstants.MSG_BUNDLE_NAME);
    private boolean succeeded = false;
    private boolean commitSucceeded = false;
    protected boolean debug = false;
    protected boolean use_realm_callback = false;
    protected boolean use_appcontext_callback = false;

    public WSLoginModuleImpl() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "WSLoginModuleImpl()");
            Tr.exit(tc, "WSLoginModuleImpl()");
        }
    }

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, dumpInitParam(subject, callbackHandler, map, map2));
        }
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;
        if (this.options != null) {
            this.use_realm_callback = "true".equalsIgnoreCase((String) this.options.get("use_realm_callback"));
            this.use_appcontext_callback = "true".equalsIgnoreCase((String) this.options.get("use_appcontext_callback"));
            this.debug = "true".equalsIgnoreCase((String) this.options.get("debug"));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "WSLoginModuleImpl initialized");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initialize(subject, callbackHandler, sharedState, options)");
        }
    }

    public boolean login() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "login()");
        }
        disableAuthRetryForThread();
        this.succeeded = false;
        this.login_subject = null;
        String string = RasHelper.isServer() ? SecurityObjectLocator.getSecurityConfig().getActiveUserRegistry().getString("realm") : WSLoginHelperImpl.getDefaultRealmName();
        if (this.commitSucceeded) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The login module is in funny state, cleanup before starting a new login process.");
            }
            cleanup();
        }
        if (this.callbackHandler == null) {
            throw new WSLoginFailedException("No CallbackHandler available to gather authentication information from the user.");
        }
        if (this.callbackHandler instanceof WSCallbackHandlerImpl) {
            this.use_realm_callback = true;
            this.use_appcontext_callback = true;
        }
        Callback[] callbackArr = (this.use_realm_callback && this.use_appcontext_callback) ? new Callback[]{new NameCallback("Username: "), new PasswordCallback("Password: ", false), new WSCredTokenCallbackImpl("Credential Token: "), new WSRealmNameCallbackImpl("Realm Name: "), new WSAppContextCallback("App Context: ")} : this.use_realm_callback ? new Callback[]{new NameCallback("Username: "), new PasswordCallback("Password: ", false), new WSCredTokenCallbackImpl("Credential Token: "), new WSRealmNameCallbackImpl("Realm Name: ")} : this.use_appcontext_callback ? new Callback[]{new NameCallback("Username: "), new PasswordCallback("Password: ", false), new WSCredTokenCallbackImpl("Credential Token: "), new WSAppContextCallback("App Context: ")} : new Callback[]{new NameCallback("Username: "), new PasswordCallback("Password: ", false), new WSCredTokenCallbackImpl("Credential Token: ")};
        char[] cArr = null;
        byte[] bArr = null;
        String str = null;
        Map map = null;
        try {
            this.callbackHandler.handle(callbackArr);
            String name = ((NameCallback) callbackArr[0]).getName();
            char[] password = ((PasswordCallback) callbackArr[1]).getPassword();
            if (password != null) {
                cArr = new char[password.length];
                System.arraycopy(password, 0, cArr, 0, password.length);
                ((PasswordCallback) callbackArr[1]).clearPassword();
            }
            byte[] credToken = ((WSCredTokenCallbackImpl) callbackArr[2]).getCredToken();
            if (credToken != null) {
                bArr = CredentialsHelper.copyCredToken(credToken);
            }
            if (this.use_realm_callback) {
                str = ((WSRealmNameCallbackImpl) callbackArr[3]).getRealmName();
            }
            if (this.use_appcontext_callback && this.use_realm_callback) {
                map = ((WSAppContextCallback) callbackArr[4]).getContext();
            } else if (this.use_appcontext_callback) {
                map = ((WSAppContextCallback) callbackArr[3]).getContext();
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "uid = " + name);
                Tr.debug(tc, "password = " + (cArr == null ? "<null>" : "XXXXXXXX"));
                Tr.debug(tc, "cred token = " + Util.toString(bArr));
                Tr.debug(tc, "realm = " + str);
                Tr.debug(tc, "app context map = " + map);
            }
            if (name == null && cArr == null && (bArr == null || bArr.length == 0)) {
                throw new WSLoginFailedException("No authentication data.");
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Successfully gathered authentication information");
            }
            if (name != null || cArr != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Using uid and password for authentication");
                    StringBuffer stringBuffer = new StringBuffer("Authenticating \"");
                    stringBuffer.append(string).append('/').append(name).append("\"");
                    Tr.debug(tc, stringBuffer.toString());
                }
                if (cArr == null) {
                    try {
                        cArr = new char[0];
                    } catch (WSLoginFailedException e) {
                        Manager.Ffdc.log(e, this, "com.ibm.ws.security.common.auth.module.WSLoginModuleImpl.login", "454", this);
                        if (SecurityContext.isServerProcess()) {
                            throw e;
                        }
                        Throwable rootException = ContextManagerFactory.getInstance().getRootException();
                        if (rootException != null && !(rootException instanceof WSLoginFailedException)) {
                            throw new WSLoginFailedException(e.getMessage(), rootException);
                        }
                        if (rootException == null || !(rootException instanceof WSLoginFailedException)) {
                            throw e;
                        }
                        throw ((WSLoginFailedException) rootException);
                    } catch (Exception e2) {
                        Manager.Ffdc.log(e2, this, "com.ibm.ws.security.common.auth.module.WSLoginModuleImpl.login", "472", this);
                        if (SecurityContext.isServerProcess()) {
                            throw new WSLoginFailedException(e2.getMessage(), e2);
                        }
                        Throwable rootException2 = ContextManagerFactory.getInstance().getRootException();
                        if (rootException2 != null && !(rootException2 instanceof WSLoginFailedException)) {
                            throw new WSLoginFailedException(e2.getMessage(), rootException2);
                        }
                        if (rootException2 == null || !(rootException2 instanceof WSLoginFailedException)) {
                            throw new WSLoginFailedException(e2.getMessage(), e2);
                        }
                        throw ((WSLoginFailedException) rootException2);
                    }
                }
                if (str == null || str.equalsIgnoreCase(string) || str.equalsIgnoreCase(CommonConstants.DEFAULT_REALM)) {
                    this.login_subject = ContextManagerFactory.getInstance().login(string, name, new String(cArr), "system.DEFAULT", (HttpServletRequest) null, (HttpServletResponse) null, (Map) null, this.subject);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Subject after authentication: " + this.login_subject);
                    }
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Target realm: " + str + " does not match current realm, " + string + " creating BasicAuth subject: " + this.login_subject);
                    }
                    this.login_subject = SubjectHelper.createBasicAuthSubject(str, name, new String(cArr));
                    if (map != null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "AppContext found, validating basic auth");
                        }
                        String str2 = (String) map.get("java.naming.factory.initial");
                        String str3 = (String) map.get("java.naming.provider.url");
                        Hashtable hashtable = new Hashtable();
                        hashtable.put("java.naming.factory.initial", str2);
                        hashtable.put("java.naming.provider.url", str3);
                        hashtable.put(PROPS.JNDI_CACHE_OBJECT, PROPS.JNDI_CACHE_OBJECT_CLEARED);
                        final InitialContext initialContext = new InitialContext(hashtable);
                        try {
                            com.ibm.ws.security.server.SecurityServer securityServer2 = (com.ibm.ws.security.server.SecurityServer) ContextManagerFactory.getInstance().runAsSpecified(SubjectHelper.createUnauthenticatedSubject(), new PrivilegedExceptionAction() { // from class: com.ibm.ws.security.common.auth.module.WSLoginModuleImpl.1
                                @Override // java.security.PrivilegedExceptionAction
                                public Object run() throws Exception {
                                    if (WSLoginModuleImpl.tc.isDebugEnabled()) {
                                        Tr.debug(WSLoginModuleImpl.tc, "Going to look up the security server");
                                    }
                                    Object lookup = initialContext.lookup("SecurityServer");
                                    if (WSLoginModuleImpl.tc.isDebugEnabled()) {
                                        Tr.debug(WSLoginModuleImpl.tc, "Finished lookup, going to narrow");
                                    }
                                    com.ibm.ws.security.server.SecurityServer securityServer3 = (com.ibm.ws.security.server.SecurityServer) PortableRemoteObject.narrow(lookup, com.ibm.ws.security.server.SecurityServer.class);
                                    if (WSLoginModuleImpl.tc.isDebugEnabled()) {
                                        Tr.debug(WSLoginModuleImpl.tc, "Returning security server object");
                                    }
                                    return securityServer3;
                                }
                            });
                            if (securityServer2 != null) {
                                if (!securityServer2.simple_authenticate(new BasicAuthData(name, new String(cArr), str))) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "simple_authenticate returned false.");
                                    }
                                    throw new WSLoginFailedException("Userid and/or password is invalid.");
                                }
                                this.succeeded = true;
                                if (tc.isEntryEnabled()) {
                                    Tr.exit(tc, "login(): status = " + this.succeeded);
                                }
                                return this.succeeded;
                            }
                        } catch (WSLoginFailedException e3) {
                            Manager.Ffdc.log(e3, this, "com.ibm.ws.security.common.auth.module.WSLoginModuleImpl", "437");
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Failed to lookup security server");
                            }
                            Tr.error(tc, "security.getting.remote.server.error", new Object[]{e3});
                            throw e3;
                        } catch (Exception e4) {
                            Manager.Ffdc.log(e4, this, "com.ibm.ws.security.common.auth.module.WSLoginModuleImpl", "444");
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Failed with general exception while getting remote security server");
                            }
                            Tr.error(tc, "security.getting.remote.server.ex", new Object[]{e4});
                            throw new WSLoginFailedException(e4.getMessage(), e4);
                        }
                    }
                }
            } else {
                if (bArr == null) {
                    throw new WSLoginFailedException("No authentication data");
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Using credential token for authentication");
                }
                try {
                    this.login_subject = ContextManagerFactory.getInstance().login(string, bArr, "system.DEFAULT", (HttpServletRequest) null, (HttpServletResponse) null, (Map) null, this.subject);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Subject after authentication: " + this.login_subject);
                    }
                } catch (WSLoginFailedException e5) {
                    Manager.Ffdc.log(e5, this, "com.ibm.ws.security.common.auth.module.WSLoginModuleImpl.login", "506", this);
                    if (SecurityContext.isServerProcess()) {
                        throw e5;
                    }
                    Throwable rootException3 = ContextManagerFactory.getInstance().getRootException();
                    if (rootException3 != null && !(rootException3 instanceof WSLoginFailedException)) {
                        throw new WSLoginFailedException(e5.getMessage(), rootException3);
                    }
                    if (rootException3 == null || !(rootException3 instanceof WSLoginFailedException)) {
                        throw e5;
                    }
                    throw ((WSLoginFailedException) rootException3);
                } catch (Exception e6) {
                    Manager.Ffdc.log(e6, this, "com.ibm.ws.security.common.auth.module.WSLoginModuleImpl.login", "524", this);
                    if (SecurityContext.isServerProcess()) {
                        throw new WSLoginFailedException(e6.getMessage(), e6);
                    }
                    Throwable rootException4 = ContextManagerFactory.getInstance().getRootException();
                    if (rootException4 != null && !(rootException4 instanceof WSLoginFailedException)) {
                        throw new WSLoginFailedException(e6.getMessage(), rootException4);
                    }
                    if (rootException4 == null || !(rootException4 instanceof WSLoginFailedException)) {
                        throw new WSLoginFailedException(e6.getMessage(), e6);
                    }
                    throw ((WSLoginFailedException) rootException4);
                }
            }
            this.succeeded = true;
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "login(): status = " + this.succeeded);
            }
            return this.succeeded;
        } catch (IOException e7) {
            Manager.Ffdc.log(e7, this, "com.ibm.ws.security.common.auth.module.WSLoginModuleImpl.login", "305", this);
            Tr.error(tc, "security.jaas.callBackHandlerIOException", new Object[]{getClass().getName(), e7});
            throw new WSLoginFailedException("java.io.IOException from CallbackHandler.handle()", e7);
        } catch (UnsupportedCallbackException e8) {
            Manager.Ffdc.log(e8, this, "com.ibm.ws.security.common.auth.module.WSLoginModuleImpl.login", "312", this);
            Tr.error(tc, "security.jaas.callBackHandlerException", new Object[]{getClass().getName(), e8.getCallback().toString(), e8});
            throw new WSLoginFailedException(e8.getCallback().toString() + " not supported by CallbackHandler to gather authentication information from the user", e8);
        }
    }

    public boolean commit() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "commit()");
        }
        boolean z = false;
        try {
            try {
                if (this.succeeded) {
                    if (!this.commitSucceeded) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Start committing the changes to the Subject ...");
                        }
                        if (this.login_subject != null) {
                            this.credential = SubjectHelper.getWSCredentialFromSubject(this.login_subject);
                            this.principal = SubjectHelper.getPrincipalFromSubject(this.login_subject);
                        }
                        if (this.credential != null && this.principal != null) {
                            final Subject subject = this.login_subject;
                            AccessController.doPrivileged(new PrivilegedAction() { // from class: com.ibm.ws.security.common.auth.module.WSLoginModuleImpl.2
                                @Override // java.security.PrivilegedAction
                                public Object run() {
                                    for (Object obj : subject.getPublicCredentials()) {
                                        if (obj != null && !WSLoginModuleImpl.this.subject.getPublicCredentials().contains(obj)) {
                                            if (!WSLoginModuleImpl.this.subject.getPublicCredentials().contains(obj)) {
                                                if (WSLoginModuleImpl.this.debug || WSLoginModuleImpl.tc.isDebugEnabled()) {
                                                    Tr.debug(WSLoginModuleImpl.tc, "Adding public object to Subject: " + obj);
                                                }
                                                WSLoginModuleImpl.this.subject.getPublicCredentials().add(obj);
                                            }
                                            if (obj instanceof WSCredential) {
                                                WSLoginModuleImpl.this.sharedState.put(Constants.WSCREDENTIAL_KEY, obj);
                                            }
                                        }
                                    }
                                    for (Object obj2 : subject.getPrivateCredentials()) {
                                        if (obj2 != null && !WSLoginModuleImpl.this.subject.getPrivateCredentials().contains(obj2) && !WSLoginModuleImpl.this.subject.getPrivateCredentials().contains(obj2)) {
                                            if (WSLoginModuleImpl.this.debug || WSLoginModuleImpl.tc.isDebugEnabled()) {
                                                Tr.debug(WSLoginModuleImpl.tc, "Adding private object to Subject: " + obj2);
                                            }
                                            WSLoginModuleImpl.this.subject.getPrivateCredentials().add(obj2);
                                        }
                                    }
                                    for (Principal principal : subject.getPrincipals()) {
                                        if (principal != null && !WSLoginModuleImpl.this.subject.getPrincipals().contains(principal)) {
                                            if (!WSLoginModuleImpl.this.subject.getPrincipals().contains(principal)) {
                                                if (WSLoginModuleImpl.this.debug || WSLoginModuleImpl.tc.isDebugEnabled()) {
                                                    Tr.debug(WSLoginModuleImpl.tc, "Adding principal object to Subject: " + principal);
                                                }
                                                WSLoginModuleImpl.this.subject.getPrincipals().add(principal);
                                            }
                                            if (principal instanceof WSPrincipal) {
                                                WSLoginModuleImpl.this.sharedState.put(Constants.WSPRINCIPAL_KEY, principal);
                                            }
                                        }
                                    }
                                    return null;
                                }
                            });
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Change committed!");
                        }
                        this.commitSucceeded = true;
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "It has been committed prior this call, nothing is done.");
                    }
                    z = this.commitSucceeded;
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Do not commit because of authentication failed.");
                    }
                    z = false;
                }
                enableAuthRetryForThread();
            } catch (Exception e) {
                Manager.Ffdc.log(e, this, "com.ibm.ws.security.common.auth.module.WSLoginModuleImpl.commit", "699", this);
                Tr.error(tc, "security.jaas.LoginModuleCommitError", new Object[]{getClass().getName(), e});
                cleanup();
                this.commitSucceeded = false;
                enableAuthRetryForThread();
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "commit(): status = " + z);
            }
            return z;
        } catch (Throwable th) {
            enableAuthRetryForThread();
            throw th;
        }
    }

    public boolean abort() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "abort()");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Cleanup the Subject, removes WSPrincipal and WSCredential from the Subject, reset all internal variables.");
            Tr.debug(tc, "Start cleanup ...");
        }
        cleanup();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Cleanup done.");
        }
        if (!tc.isEntryEnabled()) {
            return true;
        }
        Tr.exit(tc, "abort()");
        return true;
    }

    public boolean logout() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "logout()");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Cleanup the Subject, removes WSPrincipal and WSCredential from the Subject, reset all internal variables.");
            Tr.debug(tc, "Start cleanup ...");
        }
        if (!this.subject.isReadOnly()) {
            cleanup();
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Cleanup done.");
        }
        if (!tc.isEntryEnabled()) {
            return true;
        }
        Tr.exit(tc, "logout()");
        return true;
    }

    protected String dumpInitParam(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        return "initialize(subject = \"" + (subject == null ? "<null>" : subject.toString()) + "\", callbackHandler = \"" + (callbackHandler == null ? "<null>" : callbackHandler.toString()) + "\", sharedState = \"" + (map == null ? "<null>" : map.toString()) + "\", options = \"" + (map2 == null ? "<null>" : map2.toString()) + "\")";
    }

    private void cleanup() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "cleanup()");
        }
        this.succeeded = false;
        this.commitSucceeded = false;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Start removing WSPrinciapl, WSCredential, and CORBA Credentials from the Subject.");
            Tr.debug(tc, "Start removing ...");
        }
        AccessController.doPrivileged(new PrivilegedAction() { // from class: com.ibm.ws.security.common.auth.module.WSLoginModuleImpl.3
            @Override // java.security.PrivilegedAction
            public Object run() {
                try {
                    if (WSLoginModuleImpl.this.principal != null && WSLoginModuleImpl.this.subject.getPrincipals().contains(WSLoginModuleImpl.this.principal)) {
                        WSLoginModuleImpl.this.subject.getPrincipals().remove(WSLoginModuleImpl.this.principal);
                    }
                } catch (Exception e) {
                    Manager.Ffdc.log(e, this, "com.ibm.ws.security.common.auth.module.WSLoginModuleImpl.run", "840", this);
                    Tr.error(WSLoginModuleImpl.tc, "security.jaas.removePrinException", new Object[]{getClass().getName(), WSLoginModuleImpl.this.principal.getName(), e});
                }
                if (WSLoginModuleImpl.this.credential == null) {
                    return null;
                }
                try {
                    if (WSLoginModuleImpl.this.subject.getPublicCredentials().contains(WSLoginModuleImpl.this.credential)) {
                        WSLoginModuleImpl.this.subject.getPublicCredentials().remove(WSLoginModuleImpl.this.credential);
                    }
                } catch (Exception e2) {
                    Manager.Ffdc.log(e2, this, "com.ibm.ws.security.common.auth.module.WSLoginModuleImpl.run", "856", this);
                    Tr.error(WSLoginModuleImpl.tc, "security.jaas.removeCredException", new Object[]{getClass().getName(), e2});
                }
                try {
                    WSLoginModuleImpl.this.credential.destroy();
                    return null;
                } catch (Exception e3) {
                    Manager.Ffdc.log(e3, this, "com.ibm.ws.security.common.auth.module.WSLoginModuleImpl.run", "866", this);
                    if (!WSLoginModuleImpl.tc.isDebugEnabled()) {
                        return null;
                    }
                    Tr.debug(WSLoginModuleImpl.tc, "Credential destroy failed");
                    Tr.debug(WSLoginModuleImpl.tc, Util.toString(e3));
                    return null;
                }
            }
        });
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Removed.");
        }
        this.principal = null;
        this.credential = null;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "cleanup()");
        }
    }

    private static void disableAuthRetryForThread() {
        retry = false;
        ContextManagerFactory.getInstance().put("wssecurity.disableauthretry", new Boolean(true));
    }

    private static void enableAuthRetryForThread() {
        retry = true;
        ContextManagerFactory.getInstance().put("wssecurity.disableauthretry", new Boolean(false));
    }

    private SecurityServer getSecurityServer() throws AuthenticationFailedException {
        calledSecurityServer = true;
        return null;
    }
}
