package com.ibm.wsspi.security.token;

import com.ibm.ISecurityUtilityImpl.RealmSecurityName;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.WebSphereRuntimePermission;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.util.SASPropFile;
import com.sun.tools.doclets.TagletManager;

/* loaded from: input_file:lib/sas.jar:com/ibm/wsspi/security/token/WSSecurityPropagationHelper.class */
public class WSSecurityPropagationHelper {
    private ContextManager contextManager;
    private static WSSecurityPropagationHelper wsSecurityPropagationHelper = null;
    public static boolean rmiInboundPropagationEnabled = false;
    public static boolean rmiOutboundPropagationEnabled = false;
    public static boolean webInboundPropagationEnabled = false;
    private static final WebSphereRuntimePermission UPDATE_PROP = new WebSphereRuntimePermission("setPropagationToken");
    private static final WebSphereRuntimePermission VALIDATE_TOKEN = new WebSphereRuntimePermission("validateLTPAToken");
    private static final TraceComponent tc;
    static Class class$com$ibm$wsspi$security$token$WSSecurityPropagationHelper;

    public static WSSecurityPropagationHelper getInstance() {
        if (wsSecurityPropagationHelper == null) {
            wsSecurityPropagationHelper = new WSSecurityPropagationHelper();
            rmiInboundPropagationEnabled = Boolean.valueOf(ContextManagerFactory.getInstance().getProperty(SASPropFile.RMI_INBOUND_PROPAGATION_ENABLED)).booleanValue();
            rmiOutboundPropagationEnabled = Boolean.valueOf(ContextManagerFactory.getInstance().getProperty(SASPropFile.RMI_OUTBOUND_PROPAGATION_ENABLED)).booleanValue();
            webInboundPropagationEnabled = Boolean.valueOf(ContextManagerFactory.getInstance().getProperty(SASPropFile.WEB_INBOUND_PROPAGATION_ENABLED)).booleanValue();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("RMI inbound propagation enabled: ").append(rmiInboundPropagationEnabled).toString());
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("RMI outbound propagation enabled: ").append(rmiOutboundPropagationEnabled).toString());
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("WEB inbound propagation enabled: ").append(webInboundPropagationEnabled).toString());
            }
        }
        return wsSecurityPropagationHelper;
    }

    private WSSecurityPropagationHelper() {
        this.contextManager = null;
        try {
            this.contextManager = ContextManagerFactory.getInstance();
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.token.WSSecurityPropagationHelper.constructor", "86", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting ContextManager.", new Object[]{e});
            }
            this.contextManager.setRootException(e);
        }
    }

    public boolean isRMIInboundPropagationEnabled() {
        return rmiInboundPropagationEnabled;
    }

    public boolean isRMIOutboundPropagationEnabled() {
        return rmiOutboundPropagationEnabled;
    }

    public boolean isWebInboundPropagationEnabled() {
        return webInboundPropagationEnabled;
    }

    public static PropagationToken getPropagationToken(String str, int i) throws WSSecurityException {
        String stringBuffer = new StringBuffer().append(str).append(TagletManager.SIMPLE_TAGLET_OPT_SEPERATOR).append(i).toString();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("Looking up propagation token with key ").append(stringBuffer).toString());
        }
        return ContextManagerFactory.getInstance().getPropagationToken(stringBuffer);
    }

    public static PropagationToken addPropagationToken(PropagationToken propagationToken) throws WSSecurityException {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                Tr.debug(tc, new StringBuffer().append("Expecting : ").append(UPDATE_PROP.toString()).toString());
            }
            securityManager.checkPermission(UPDATE_PROP);
        }
        String stringBuffer = new StringBuffer().append(propagationToken.getName()).append(TagletManager.SIMPLE_TAGLET_OPT_SEPERATOR).append((int) propagationToken.getVersion()).toString();
        PropagationToken propagationToken2 = ContextManagerFactory.getInstance().getPropagationToken(stringBuffer);
        if (propagationToken2 != null) {
            Tr.warning(tc, "security.sap.warning.propagation.token.exists", new Object[]{propagationToken.getName(), new Short(propagationToken.getVersion())});
            return propagationToken2;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("Setting propagation token with key ").append(stringBuffer).toString());
        }
        return ContextManagerFactory.getInstance().setPropagationToken(stringBuffer, propagationToken);
    }

    public static String validateLTPAToken(byte[] bArr) throws WSLoginFailedException {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                Tr.debug(tc, new StringBuffer().append("Expecting : ").append(VALIDATE_TOKEN.toString()).toString());
            }
            securityManager.checkPermission(VALIDATE_TOKEN);
        }
        try {
            com.ibm.wsspi.security.ltpa.Token validateLTPAToken = ContextManagerFactory.getInstance().getWSCredTokenMapper().validateLTPAToken(bArr);
            if (validateLTPAToken == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Throwing WSLoginFailedException, token was null.");
                }
                throw new WSLoginFailedException("Invalid token, token returned from validation is null.");
            }
            String[] attributes = validateLTPAToken.getAttributes("u");
            if (attributes == null || attributes[0] == null) {
                if (!tc.isDebugEnabled()) {
                    return null;
                }
                Tr.debug(tc, "Returning null.");
                return null;
            }
            String substring = attributes[0].startsWith("user:") ? attributes[0].substring(attributes[0].indexOf(TagletManager.SIMPLE_TAGLET_OPT_SEPERATOR) + 1) : attributes[0];
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Returning securityName: ").append(substring).toString());
            }
            return substring;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Received exception during validation.", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.token.WSSecurityPropagationHelper.validateLTPAToken", "303");
            if (e instanceof WSLoginFailedException) {
                throw ((WSLoginFailedException) e);
            }
            throw new WSLoginFailedException(e.getMessage(), e);
        }
    }

    public static String getUserFromUniqueID(String str) {
        return RealmSecurityName.getSecurityName(str);
    }

    public static String getRealmFromUniqueID(String str) {
        int indexOf = str.indexOf(TagletManager.SIMPLE_TAGLET_OPT_SEPERATOR);
        if (str.startsWith("user:")) {
            str = str.substring(indexOf + 1);
        }
        return RealmSecurityName.getRealm(str);
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$com$ibm$wsspi$security$token$WSSecurityPropagationHelper == null) {
            cls = class$("com.ibm.wsspi.security.token.WSSecurityPropagationHelper");
            class$com$ibm$wsspi$security$token$WSSecurityPropagationHelper = cls;
        } else {
            cls = class$com$ibm$wsspi$security$token$WSSecurityPropagationHelper;
        }
        tc = Tr.register(cls, (String) null, "com.ibm.ejs.resources.security");
    }
}
