package com.ibm.ws.security.credentials.saf.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.InjectedTrace;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.authentication.cache.CacheEvictionListener;
import com.ibm.ws.security.authentication.cache.CacheObject;
import com.ibm.ws.security.authentication.principals.WSPrincipal;
import com.ibm.ws.security.authentication.utility.SubjectHelper;
import com.ibm.ws.security.credentials.AccessIdUtil;
import com.ibm.ws.security.credentials.CredentialProvider;
import com.ibm.ws.security.credentials.CredentialsService;
import com.ibm.ws.security.credentials.saf.SAFCredentialsService;
import com.ibm.ws.security.saf.SAFException;
import com.ibm.ws.security.saf.SAFSecurityName;
import com.ibm.ws.security.saf.SAFServiceResult;
import com.ibm.ws.zos.jni.NativeMethodManager;
import com.ibm.ws.zos.jni.NativeMethodUtils;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.logging.IntrospectableService;
import com.ibm.wsspi.security.credentials.saf.SAFCredential;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.login.CredentialException;
import org.apache.bcel.Constants;
import org.osgi.framework.ServiceReference;
import org.osgi.jmx.service.useradmin.UserAdminMBean;
import org.osgi.service.component.ComponentContext;

@TraceOptions(traceGroups = {UserAdminMBean.CREDENTIALS}, traceGroup = "", messageBundle = "com.ibm.ws.security.credentials.saf.internal.resources.SAFMessages", traceExceptionThrow = false, traceExceptionHandling = false)
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:resources/server_runtime/lib/com.ibm.ws.security.credentials.saf_1.0.1.jar:com/ibm/ws/security/credentials/saf/internal/SAFCredentialsServiceImpl.class */
public class SAFCredentialsServiceImpl implements SAFCredentialsService, CredentialProvider, CacheEvictionListener, IntrospectableService {
    private static final TraceComponent tc = Tr.register(SAFCredentialsServiceImpl.class);
    private static final String DEFAULT_PASSWORD_AUDIT_STRING = "WebSphere Userid/Password Login";
    private static final String DEFAULT_AUTHORIZED_CREATE_AUDIT_STRING = "WebSphere Authorized Login";
    private static final String DEFAULT_UNAUTHENTICATED_AUDIT_STRING = "WebSphere Default/Unauthenticated Login";
    private static final String DEFAULT_CERTIFICATE_AUDIT_STRING = "WebSphere Certificate Login";
    public static final String UNAUTHENTICATED_USER_PROPERTY = "unauthenticatedUser";
    public static final String PROFILE_PREFIX_PROPERTY = "profilePrefix";
    static final String KEY_CREDENTIALS_SERVICE = "credentialsService";
    static final long serialVersionUID = 2126682631822477697L;
    private NativeMethodManager nativeMethodManager = null;
    private final SAFCredTokenMap safCredTokenMap = new SAFCredTokenMap();
    private boolean isMixedCasePWEnabled = false;
    private String unauthenticatedUser = null;
    private SAFCredential defaultCred = null;
    private String profilePrefix = null;
    private byte[] profilePrefixEBCDIC = null;
    private final AtomicServiceReference<CredentialsService> credentialsServiceRef = new AtomicServiceReference<>("credentialsService");

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.ibm.ws.security.credentials.saf.internal.SAFCredentialsServiceImpl$1, reason: invalid class name */
    /* loaded from: input_file:resources/server_runtime/lib/com.ibm.ws.security.credentials.saf_1.0.1.jar:com/ibm/ws/security/credentials/saf/internal/SAFCredentialsServiceImpl$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$ibm$wsspi$security$credentials$saf$SAFCredential$Type = new int[SAFCredential.Type.values().length];

        static {
            try {
                $SwitchMap$com$ibm$wsspi$security$credentials$saf$SAFCredential$Type[SAFCredential.Type.BASIC.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$ibm$wsspi$security$credentials$saf$SAFCredential$Type[SAFCredential.Type.ASSERTED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$ibm$wsspi$security$credentials$saf$SAFCredential$Type[SAFCredential.Type.DEFAULT.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$com$ibm$wsspi$security$credentials$saf$SAFCredential$Type[SAFCredential.Type.CERTIFICATE.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public SAFCredentialsServiceImpl() {
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void activate(ComponentContext componentContext, Map<String, Object> map) {
        this.credentialsServiceRef.activate(componentContext);
        CredentialsService service = this.credentialsServiceRef.getService();
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "CredentialsService: " + service, new Object[0]);
        }
        updateConfig(map);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void modify(Map<String, Object> map) {
        updateConfig(map);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void deactivate(ComponentContext componentContext, Map<String, Object> map) {
        cleanupCredTokenMap();
        this.credentialsServiceRef.deactivate(componentContext);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void setCredentialsService(ServiceReference<CredentialsService> serviceReference) {
        this.credentialsServiceRef.setReference(serviceReference);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void unsetCredentialsService(ServiceReference<CredentialsService> serviceReference) {
        this.credentialsServiceRef.unsetReference(serviceReference);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void updateConfig(Map<String, Object> map) {
        String str = (String) map.get(UNAUTHENTICATED_USER_PROPERTY);
        if (this.unauthenticatedUser == null || !this.unauthenticatedUser.equals(str)) {
            this.unauthenticatedUser = str;
            SAFCredential sAFCredential = this.defaultCred;
            SAFCredentialsServiceImpl sAFCredentialsServiceImpl = this;
            sAFCredentialsServiceImpl.defaultCred = null;
            try {
                sAFCredentialsServiceImpl = this;
                sAFCredentialsServiceImpl.deleteCredential(sAFCredential);
            } catch (SAFException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.credentials.saf.internal.SAFCredentialsServiceImpl", "212", this, new Object[]{map});
            }
            CredentialsService service = this.credentialsServiceRef.getService();
            if (service != null) {
                service.setUnauthenticatedUserid(this.unauthenticatedUser);
            }
        }
        String str2 = (String) map.get(PROFILE_PREFIX_PROPERTY);
        if (this.profilePrefix != null && !this.profilePrefix.equals(str2)) {
            ntv_flushPenaltyBoxCache();
        }
        this.profilePrefix = str2;
        this.profilePrefixEBCDIC = NativeMethodUtils.convertToEBCDIC(this.profilePrefix);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setNativeMethodManager(NativeMethodManager nativeMethodManager) {
        this.nativeMethodManager = nativeMethodManager;
        this.nativeMethodManager.registerNatives(SAFCredentialsServiceImpl.class);
        this.isMixedCasePWEnabled = ntv_isMixedCasePWEnabled();
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetNativeMethodManager(NativeMethodManager nativeMethodManager) {
        if (this.nativeMethodManager == nativeMethodManager) {
            this.nativeMethodManager = null;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v11, types: [com.ibm.ws.security.credentials.saf.internal.SAFCredentialToken] */
    /* JADX WARN: Type inference failed for: r0v12 */
    /* JADX WARN: Type inference failed for: r0v13, types: [com.ibm.ws.security.credentials.saf.internal.SAFCredentialsServiceImpl] */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void cleanupCredTokenMap() {
        for (SAFCredentialToken sAFCredentialToken : this.safCredTokenMap.values()) {
            try {
                sAFCredentialToken = this;
                sAFCredentialToken.deleteSAFCredentialToken(sAFCredentialToken);
            } catch (SAFException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.credentials.saf.internal.SAFCredentialsServiceImpl", "259", this, new Object[0]);
            }
        }
        this.safCredTokenMap.clear();
    }

    @Override // com.ibm.ws.security.credentials.saf.SAFCredentialsService
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public SAFCredential createPasswordCredential(String str, @Sensitive String str2, String str3) throws SAFException {
        String normalizeUserId = normalizeUserId(str);
        String normalizePassword = normalizePassword(str2);
        if (str3 == null) {
            str3 = DEFAULT_PASSWORD_AUDIT_STRING;
        }
        SAFCredentialImpl sAFCredentialImpl = null;
        SAFServiceResult sAFServiceResult = new SAFServiceResult();
        byte[] ntv_createPasswordCredential = ntv_createPasswordCredential(NativeMethodUtils.convertToEBCDIC(normalizeUserId), NativeMethodUtils.convertToEBCDICNoTrace(normalizePassword), NativeMethodUtils.convertToEBCDIC(str3), this.profilePrefixEBCDIC, sAFServiceResult.getBytes());
        if (ntv_createPasswordCredential != null) {
            SAFCredentialToken sAFCredentialToken = new SAFCredentialToken(ntv_createPasswordCredential);
            sAFCredentialImpl = new SAFCredentialImpl(str, str3, SAFCredential.Type.BASIC);
            sAFCredentialImpl.setAuthenticated(true);
            this.safCredTokenMap.put((SAFCredential) sAFCredentialImpl, sAFCredentialToken);
        } else {
            sAFServiceResult.setAuthenticationFields(str, this.profilePrefix);
            sAFServiceResult.throwSAFException();
        }
        return sAFCredentialImpl;
    }

    @Override // com.ibm.ws.security.credentials.saf.SAFCredentialsService
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public SAFCredential getDefaultCredential() throws SAFException {
        SAFCredential sAFCredential = this.defaultCred;
        if (sAFCredential == null) {
            SAFCredential createAssertedCredential = createAssertedCredential(this.unauthenticatedUser, DEFAULT_UNAUTHENTICATED_AUDIT_STRING);
            this.defaultCred = createAssertedCredential;
            sAFCredential = createAssertedCredential;
            if (!isRESTRICTED(this.defaultCred)) {
                Tr.warning(tc, "UNAUTHENTICATED_USER_NOT_RESTRICTED", this.defaultCred.getUserId());
            }
        }
        return sAFCredential;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected boolean isRESTRICTED(SAFCredential sAFCredential) throws SAFException {
        SAFServiceResult sAFServiceResult = new SAFServiceResult();
        int ntv_isRESTRICTED = ntv_isRESTRICTED(getSAFCredentialTokenBytes(sAFCredential), sAFServiceResult.getBytes());
        if (ntv_isRESTRICTED == 1) {
            return true;
        }
        if (ntv_isRESTRICTED == 0) {
            return false;
        }
        sAFServiceResult.throwSAFException();
        return false;
    }

    @Override // com.ibm.ws.security.credentials.saf.SAFCredentialsService
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public SAFCredential createAssertedCredential(String str, String str2) throws SAFException {
        SAFCredentialToken createAssertedCredentialToken = createAssertedCredentialToken(str, str2);
        SAFCredentialImpl sAFCredentialImpl = new SAFCredentialImpl(str, str2, SAFCredential.Type.ASSERTED);
        this.safCredTokenMap.put((SAFCredential) sAFCredentialImpl, createAssertedCredentialToken);
        return sAFCredentialImpl;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected SAFCredentialToken createAssertedCredentialToken(String str, String str2) throws SAFException {
        String normalizeUserId = normalizeUserId(str);
        if (str2 == null) {
            str2 = DEFAULT_AUTHORIZED_CREATE_AUDIT_STRING;
        }
        SAFServiceResult sAFServiceResult = new SAFServiceResult();
        byte[] ntv_createAssertedCredential = ntv_createAssertedCredential(NativeMethodUtils.convertToEBCDIC(normalizeUserId), NativeMethodUtils.convertToEBCDIC(str2), this.profilePrefixEBCDIC, sAFServiceResult.getBytes());
        if (ntv_createAssertedCredential != null) {
            return new SAFCredentialToken(ntv_createAssertedCredential);
        }
        sAFServiceResult.setAuthenticationFields(str, this.profilePrefix);
        sAFServiceResult.throwSAFException();
        return null;
    }

    @Override // com.ibm.ws.security.credentials.saf.SAFCredentialsService
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public SAFCredential createCertificateCredential(X509Certificate x509Certificate, String str) throws SAFException {
        byte[] bArr = new byte[8];
        SAFCredentialToken createCertificateCredentialToken = createCertificateCredentialToken(x509Certificate, str, bArr);
        SAFCredentialImpl sAFCredentialImpl = new SAFCredentialImpl(NativeMethodUtils.convertToASCII(bArr), str, x509Certificate);
        sAFCredentialImpl.setAuthenticated(true);
        this.safCredTokenMap.put((SAFCredential) sAFCredentialImpl, createCertificateCredentialToken);
        return sAFCredentialImpl;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected SAFCredentialToken createCertificateCredentialToken(X509Certificate x509Certificate, String str, byte[] bArr) throws SAFException {
        if (str == null) {
            str = DEFAULT_CERTIFICATE_AUDIT_STRING;
        }
        byte[] bArr2 = null;
        try {
            bArr2 = x509Certificate.getEncoded();
            SAFServiceResult sAFServiceResult = new SAFServiceResult();
            byte[] ntv_createCertificateCredential = ntv_createCertificateCredential(bArr2, bArr2.length, NativeMethodUtils.convertToEBCDIC(str), this.profilePrefixEBCDIC, bArr, sAFServiceResult.getBytes());
            if (ntv_createCertificateCredential != null) {
                return new SAFCredentialToken(ntv_createCertificateCredential);
            }
            sAFServiceResult.setAuthenticationFields(null, this.profilePrefix);
            sAFServiceResult.throwSAFException();
            return null;
        } catch (CertificateEncodingException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.credentials.saf.internal.SAFCredentialsServiceImpl", "450", this, new Object[]{x509Certificate, str, bArr});
            CertificateEncodingException certificateEncodingException = bArr2;
            throw new SAFException(certificateEncodingException.getMessage(), certificateEncodingException);
        }
    }

    @Override // com.ibm.ws.security.credentials.saf.SAFCredentialsService
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void deleteCredential(SAFCredential sAFCredential) throws SAFException {
        SAFCredentialToken remove;
        if (sAFCredential == this.defaultCred || (remove = this.safCredTokenMap.remove((Object) sAFCredential)) == null) {
            return;
        }
        deleteSAFCredentialToken(remove);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void deleteSAFCredentialToken(SAFCredentialToken sAFCredentialToken) throws SAFException {
        int ntv_deleteCredential = ntv_deleteCredential(sAFCredentialToken.getBytes());
        if (ntv_deleteCredential != 0) {
            throw new SAFException("ntv_deleteCredential failed with return code x" + Integer.toHexString(ntv_deleteCredential));
        }
    }

    @Override // com.ibm.ws.security.credentials.saf.SAFCredentialsService
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public SAFCredential getSAFCredentialFromSubject(Subject subject) {
        if (subject == null) {
            return null;
        }
        for (Object obj : subject.getPrivateCredentials()) {
            if (obj instanceof SAFCredential) {
                return (SAFCredential) obj;
            }
        }
        return null;
    }

    /* JADX WARN: Type inference failed for: r0v5, types: [java.lang.Throwable, java.lang.String] */
    @Override // com.ibm.ws.security.credentials.saf.SAFCredentialsService
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getSAFCredentialTokenKey(SAFCredential sAFCredential) {
        ?? key;
        try {
            key = getSAFCredentialToken(sAFCredential).getKey();
            return key;
        } catch (SAFException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.credentials.saf.internal.SAFCredentialsServiceImpl", "534", this, new Object[]{sAFCredential});
            throw new IllegalArgumentException((Throwable) key);
        }
    }

    /* JADX WARN: Type inference failed for: r0v5, types: [java.lang.Throwable, byte[]] */
    @Override // com.ibm.ws.security.credentials.saf.SAFCredentialsService
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public byte[] getSAFCredentialTokenBytes(SAFCredential sAFCredential) {
        ?? bytes;
        try {
            bytes = getSAFCredentialToken(sAFCredential).getBytes();
            return bytes;
        } catch (SAFException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.credentials.saf.internal.SAFCredentialsServiceImpl", "547", this, new Object[]{sAFCredential});
            throw new IllegalArgumentException((Throwable) bytes);
        }
    }

    @Override // com.ibm.ws.security.credentials.saf.SAFCredentialsService
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public SAFCredential getCredentialFromKey(String str) {
        return this.safCredTokenMap.getCredential(str);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected SAFCredentialToken getSAFCredentialToken(SAFCredential sAFCredential) throws SAFException {
        SAFCredentialToken createCertificateCredentialToken;
        SAFCredentialToken sAFCredentialToken = this.safCredTokenMap.get(sAFCredential);
        if (sAFCredentialToken != null) {
            return sAFCredentialToken;
        }
        SAFCredential.Type type = sAFCredential.getType();
        switch (AnonymousClass1.$SwitchMap$com$ibm$wsspi$security$credentials$saf$SAFCredential$Type[type.ordinal()]) {
            case 1:
                if (!sAFCredential.isAuthenticated()) {
                    throw new SAFException("Cannot recreate native SAF credential for unauthenticated BASIC credential for user " + sAFCredential.getUserId());
                }
                createCertificateCredentialToken = createAssertedCredentialToken(sAFCredential.getUserId(), sAFCredential.getAuditString());
                break;
            case 2:
            case 3:
                createCertificateCredentialToken = createAssertedCredentialToken(sAFCredential.getUserId(), sAFCredential.getAuditString());
                break;
            case 4:
                createCertificateCredentialToken = createCertificateCredentialToken(sAFCredential.getCertificate(), sAFCredential.getAuditString(), new byte[8]);
                break;
            default:
                throw new SAFException("Unrecognized SAFCredential Type: " + type);
        }
        if (createCertificateCredentialToken == null) {
            throw new SAFException("Unable to recreate native SAF credential of type " + type + " for user " + sAFCredential.getUserId());
        }
        this.safCredTokenMap.put(sAFCredential, createCertificateCredentialToken);
        return createCertificateCredentialToken;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected String getSAFCredTokenKeyFromSubject(Subject subject) {
        String str;
        Hashtable<String, ?> hashtableFromSubject = new SubjectHelper().getHashtableFromSubject(subject, new String[]{AccessIdUtil.UR_AUTHENTICATED_USERID_KEY});
        if (hashtableFromSubject == null || (str = (String) hashtableFromSubject.get(AccessIdUtil.UR_AUTHENTICATED_USERID_KEY)) == null) {
            return null;
        }
        return SAFSecurityName.parseKey(str);
    }

    /* JADX WARN: Type inference failed for: r0v13, types: [java.lang.Throwable, com.ibm.ws.security.authentication.principals.WSPrincipal] */
    @Override // com.ibm.ws.security.credentials.CredentialProvider
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void setCredential(Subject subject) throws CredentialException {
        SAFCredential defaultCredential;
        Set principals = subject.getPrincipals(WSPrincipal.class);
        if (principals.isEmpty()) {
            return;
        }
        if (principals.size() != 1) {
            throw new CredentialException("Too many WSPrincipals in the subject");
        }
        String sAFCredTokenKeyFromSubject = getSAFCredTokenKeyFromSubject(subject);
        if (sAFCredTokenKeyFromSubject != null) {
            defaultCredential = this.safCredTokenMap.getCredential(sAFCredTokenKeyFromSubject);
        } else {
            ?? r0 = (WSPrincipal) principals.iterator().next();
            try {
                defaultCredential = r0.getName().equals(this.unauthenticatedUser) ? getDefaultCredential() : createAssertedCredential(AccessIdUtil.getUniqueId(r0.getAccessId()), null);
            } catch (SAFException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.credentials.saf.internal.SAFCredentialsServiceImpl", "688", this, new Object[]{subject});
                CredentialException credentialException = new CredentialException("could not create SAF credential for " + r0.getName());
                credentialException.initCause((Throwable) r0);
                throw credentialException;
            }
        }
        if (defaultCredential != null) {
            subject.getPrivateCredentials().add(defaultCredential);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:10:0x001b, code lost:
    
        if (r0.length == 0) goto L8;
     */
    @Override // com.ibm.ws.security.credentials.CredentialProvider
    @com.ibm.ws.ffdc.annotation.FFDCIgnore({java.lang.IllegalArgumentException.class})
    @com.ibm.websphere.ras.annotation.InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean isSubjectValid(javax.security.auth.Subject r4) {
        /*
            r3 = this;
            r0 = 1
            r5 = r0
            r0 = r3
            r1 = r4
            com.ibm.wsspi.security.credentials.saf.SAFCredential r0 = r0.getSAFCredentialFromSubject(r1)
            r6 = r0
            r0 = r6
            if (r0 == 0) goto L27
            r0 = r3
            r1 = r6
            byte[] r0 = r0.getSAFCredentialTokenBytes(r1)     // Catch: java.lang.IllegalArgumentException -> L23
            r7 = r0
            r0 = r7
            if (r0 == 0) goto L1e
            r0 = r7
            int r0 = r0.length     // Catch: java.lang.IllegalArgumentException -> L23
            if (r0 != 0) goto L20
        L1e:
            r0 = 0
            r5 = r0
        L20:
            goto L27
        L23:
            r7 = move-exception
            r0 = 0
            r5 = r0
        L27:
            r0 = r5
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.credentials.saf.internal.SAFCredentialsServiceImpl.isSubjectValid(javax.security.auth.Subject):boolean");
    }

    @Override // com.ibm.ws.security.credentials.saf.SAFCredentialsService
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getProfilePrefix() {
        return this.profilePrefix;
    }

    @Override // com.ibm.ws.security.credentials.saf.SAFCredentialsService
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public byte[] getProfilePrefixEBCDIC() {
        byte[] bArr = new byte[this.profilePrefixEBCDIC.length];
        System.arraycopy(this.profilePrefixEBCDIC, 0, bArr, 0, bArr.length);
        return bArr;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected String normalizeUserId(String str) {
        assertNotNull(str, "userSecurityName is null");
        return str.toUpperCase();
    }

    @Sensitive
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected String normalizePassword(@Sensitive String str) {
        assertNotNull(str, "password is null");
        return this.isMixedCasePWEnabled ? str : str.toUpperCase();
    }

    @Trivial
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void assertNotNull(Object obj, String str) {
        if (obj == null) {
            throw new NullPointerException(str);
        }
    }

    @Override // com.ibm.ws.security.authentication.cache.CacheEvictionListener
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void evicted(List<Object> list) {
        Iterator<Object> it = list.iterator();
        while (it.hasNext()) {
            SAFCredential sAFCredentialFromSubject = getSAFCredentialFromSubject(((CacheObject) it.next()).getSubject());
            SAFCredentialsServiceImpl sAFCredentialsServiceImpl = sAFCredentialFromSubject;
            if (sAFCredentialsServiceImpl != null) {
                try {
                    sAFCredentialsServiceImpl = this;
                    sAFCredentialsServiceImpl.deleteCredential(sAFCredentialFromSubject);
                } catch (SAFException e) {
                    FFDCFilter.processException(e, "com.ibm.ws.security.credentials.saf.internal.SAFCredentialsServiceImpl", "783", this, new Object[]{list});
                }
            }
        }
    }

    protected native byte[] ntv_createPasswordCredential(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5);

    protected native byte[] ntv_createAssertedCredential(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4);

    protected native byte[] ntv_createCertificateCredential(byte[] bArr, int i, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5);

    protected native int ntv_deleteCredential(byte[] bArr);

    protected native boolean ntv_isMixedCasePWEnabled();

    protected native int ntv_isRESTRICTED(byte[] bArr, byte[] bArr2);

    protected native void ntv_flushPenaltyBoxCache();

    @Override // com.ibm.wsspi.logging.IntrospectableService
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getDescription() {
        return "SAFCredentialsServiceImpl is an implementation of the SAFCredentialsServices, which creates and destroys and manages all aspects of native SAF credentials on z/OS.";
    }

    @Override // com.ibm.wsspi.logging.IntrospectableService
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getName() {
        return "SAFCredentialsServiceImpl";
    }

    @Override // com.ibm.wsspi.logging.IntrospectableService
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void introspect(OutputStream outputStream) throws IOException {
        PrintWriter printWriter = new PrintWriter(outputStream);
        printWriter.println();
        if (this.safCredTokenMap.entrySet().isEmpty()) {
            printWriter.println("The active instance of the SAF Credential Token Map is empty.");
        } else {
            printWriter.println("SAF Credential Token Map Contents:");
            printWriter.println("  Size = " + this.safCredTokenMap.size());
            printWriter.println("  SAF Credential Tokens:");
            for (Map.Entry<SAFCredential, SAFCredentialToken> entry : this.safCredTokenMap.entrySet()) {
                printWriter.println("    SAFCredential User Name = " + entry.getKey().getUserId());
                printWriter.println("    SAFCredentialToken Key = " + entry.getValue().getKey());
                printWriter.println("----");
            }
        }
        printWriter.println();
        printWriter.flush();
    }

    static {
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.entry(tc, Constants.STATIC_INITIALIZER_NAME, new Object[0]);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.exit(tc, Constants.STATIC_INITIALIZER_NAME);
        }
    }
}
