package com.ibm.websphere.wssecurity.auth.module;

import com.ibm.ws.sib.wsrm.WSRMConstants;
import com.ibm.ws.wssecurity.util.KRBMappedIdentityToken;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.wsspi.wssecurity.core.Constants;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/websphere/wssecurity/auth/module/KRBIdentityMappingLoginModule.class */
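/**
 * Base JAAS {@link LoginModule} that turns a mapped Kerberos identity into a
 * {@link KRBMappedIdentityToken} on the authenticated {@link Subject}.
 *
 * <p>Subclasses supply {@link #login()}. {@link #commit()} reads the mapped identity from
 * the shared state under {@code Constants.STR_WSSECURITY_MAPPED_DN} and adds the resulting
 * token to the Subject's private credentials.
 *
 * <p>NOTE(review): {@link #logout()} and {@link #abort()} only emit trace records. Nothing
 * in this class removes the token that {@code commit()} added, so it stays in the Subject's
 * private credentials for as long as the Subject is referenced. Confirm that the component
 * owning the Subject clears it.
 */
public abstract class KRBIdentityMappingLoginModule implements LoginModule {
    /** Text placed directly in front of the exception message in the error insert. */
    private static final String comp = "security.wssecurity.auth.login.jaasConfig";

    private static final TraceComponent tc = Tr.register(KRBIdentityMappingLoginModule.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");

    /** Subject handed to {@link #initialize}; receives the mapped identity token in commit(). */
    private Subject subject;

    /** Shared state handed to {@link #initialize}; commit() reads the mapped identity from it. */
    private Map<String, ?> sharedState;

    /**
     * Traces the call and runs {@code cleanup()}.
     *
     * @return always {@code true}
     * @throws LoginException declared by the interface; not thrown by this implementation
     */
    @Override
    public boolean abort() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "abort()");
        }
        cleanup();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "abort()");
        }
        return true;
    }

    /**
     * Builds a {@link KRBMappedIdentityToken} from the mapped identity in the shared state and
     * adds it to the Subject's private credentials.
     *
     * <p>Every failure is reported through {@code Tr.error}; none is thrown to the caller. A
     * failure to add the credential is also reported at error level, so a Subject that ends
     * up without the token is visible without debug trace being enabled.
     *
     * <p>NOTE(review): the method returns {@code false} on every path, including after the
     * token was added. Under the JAAS contract {@code false} from commit() means this module
     * should be ignored; confirm the login configuration relies on that.
     *
     * @return always {@code false}
     * @throws LoginException declared by the interface; not thrown by this implementation
     */
    @Override
    public final boolean commit() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "commit()");
        }
        try {
            final String mappedDn = (String) this.sharedState.get(Constants.STR_WSSECURITY_MAPPED_DN);
            // The mapped principal name is written to the debug trace; treat trace files
            // from this component as containing identity data.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Mapped kerberos was principal " + mappedDn);
            }
            if (mappedDn == null) {
                // Explicit check instead of relying on a NullPointerException from
                // hashCode(): no identity was mapped, so no token is created.
                Tr.error(tc, "kerberos.unexpected.exception", comp + ": mapped identity missing from shared state");
            } else {
                // Raw HashMap kept: the parameter type of the KRBMappedIdentityToken
                // constructor is not visible in this file.
                HashMap attributes = new HashMap();
                attributes.put("WASPrincipal", mappedDn);
                // String.hashCode() is a 32-bit non-cryptographic hash, so two different
                // principals can produce the same uniqueID.
                // NOTE(review): confirm no consumer uses uniqueID alone as an identity or
                // cache key.
                attributes.put("uniqueID", "mapped_" + mappedDn.hashCode());
                attributes.put("ValueType", "http://www.ibm.com/WebSphere#KerberosMappedToken");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Create a Kerberos Mapped Identity Token");
                }
                final KRBMappedIdentityToken token = new KRBMappedIdentityToken(attributes);
                final Subject target = this.subject;
                // Privileged block: modifying private credentials is permission-checked,
                // and the check must not depend on the callers further up the stack.
                AccessController.doPrivileged(new PrivilegedAction<Void>() {
                    @Override
                    public Void run() {
                        try {
                            target.getPrivateCredentials().add(token);
                        } catch (RuntimeException e) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Credential is NOT added to the subject. ");
                            }
                            // Rethrown so the handler in commit() reports the cause
                            // instead of dropping it at debug level.
                            throw e;
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Credential added successfully to the subject. ");
                        }
                        return null;
                    }
                });
            }
        } catch (Throwable th) {
            // Boundary handler: a LoginModule failure here is logged, never propagated.
            Tr.error(tc, "kerberos.unexpected.exception", comp + th.getMessage());
            // NOTE(review): the third argument is a constant from the WS-RM package;
            // confirm it is the intended identifier for this call site.
            Tr.processException(th, KRBIdentityMappingLoginModule.class.getName(), WSRMConstants.PROCESS_TRANSACTION);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "commit()");
        }
        return false;
    }

    /**
     * Stores the Subject and the shared state for later use by {@link #commit()}.
     *
     * @param subject the Subject that will receive the mapped identity token
     * @param callbackHandler not used by this class
     * @param map the shared state of the login context; must hold the mapped identity by
     *     the time commit() runs
     * @param map2 the module options; not used by this class
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initialize()");
        }
        this.subject = subject;
        this.sharedState = map;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initialize()");
        }
    }

    /**
     * Performs the identity mapping; implemented by subclasses.
     *
     * @return as defined by {@link LoginModule#login()}
     * @throws LoginException if the subclass fails the login
     */
    @Override
    public abstract boolean login() throws LoginException;

    /**
     * Traces the call and runs {@code cleanup()}.
     *
     * @return always {@code true}
     * @throws LoginException declared by the interface; not thrown by this implementation
     */
    @Override
    public boolean logout() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "logout()");
        }
        cleanup();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "logout()");
        }
        return true;
    }

    /**
     * Emits entry and exit trace records only.
     *
     * <p>NOTE(review): no state is cleared and the token added by commit() is not removed
     * from the Subject; confirm this is intended before relying on logout() or abort() to
     * revoke the mapped identity.
     */
    private void cleanup() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "cleanup()");
            Tr.exit(tc, "cleanup()");
        }
    }
}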
