package com.ibm.wsspi.security.token;

import com.ibm.ISecurityUtilityImpl.RealmSecurityName;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.WebSphereRuntimePermission;
import com.ibm.websphere.security.auth.ValidationFailedException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.token.ValidationResultImpl;

/* loaded from: input_file:lib/admin/sas.jar:com/ibm/wsspi/security/token/WSSecurityPropagationHelper.class */
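/**
 * Static entry points for security attribute propagation: reading the propagation
 * switches from the {@link ContextManager}, storing and looking up
 * {@link PropagationToken}s, and validating LTPA token bytes.
 *
 * <p>Security review notes (all derived from the code in this class):
 * <ul>
 *   <li>{@link #addPropagationToken} and {@link #validateLTPAToken} perform a
 *       permission check when a {@code SecurityManager} is installed.
 *       {@link #getPropagationToken} and {@link #validateTokenRealm} do not.</li>
 *   <li>{@link #validateLTPAToken} can return {@code null} without throwing; the
 *       {@code validateToken} overloads pass that value straight into the result
 *       object. A non-throwing return is therefore not proof of an identity.</li>
 *   <li>The three public static flags are writable by any caller and are only a
 *       snapshot taken by the first {@link #getInstance()} call.</li>
 * </ul>
 */
public class WSSecurityPropagationHelper {
    // Lazily created by getInstance(); the lazy initialisation is not synchronised.
    private static WSSecurityPropagationHelper wsSecurityPropagationHelper = null;

    // Snapshot of the propagation switches, filled in once by the first getInstance() call.
    // These fields are public and non-final, so any code that can see this class can overwrite
    // them. The instance accessors below re-read the ContextManager and never consult these
    // fields; prefer those accessors for any security decision.
    public static boolean rmiInboundPropagationEnabled = false;
    public static boolean rmiOutboundPropagationEnabled = false;
    public static boolean webInboundPropagationEnabled = false;

    // Permission required to store a propagation token.
    private static final WebSphereRuntimePermission UPDATE_PROP = new WebSphereRuntimePermission("setPropagationToken");
    // Permission required to validate raw LTPA token bytes.
    private static final WebSphereRuntimePermission VALIDATE_TOKEN = new WebSphereRuntimePermission("validateLTPAToken");
    private static final TraceComponent tc = Tr.register(WSSecurityPropagationHelper.class, (String) null, "com.ibm.ejs.resources.security");

    /**
     * Returns the shared helper, creating it and snapshotting the three propagation
     * switches into the public static flags on first use.
     *
     * <p>The instance reference is published before the flags are assigned and nothing
     * here is synchronised, so a concurrent first caller may observe the flags at their
     * default {@code false}.
     *
     * @return the shared helper instance
     */
    public static WSSecurityPropagationHelper getInstance() {
        if (wsSecurityPropagationHelper == null) {
            wsSecurityPropagationHelper = new WSSecurityPropagationHelper();
            ContextManager contextManager = ContextManagerFactory.getInstance();
            rmiInboundPropagationEnabled = readFlag(contextManager, "com.ibm.CSI.rmiInboundPropagationEnabled");
            rmiOutboundPropagationEnabled = readFlag(contextManager, "com.ibm.CSI.rmiOutboundPropagationEnabled");
            webInboundPropagationEnabled = readFlag(contextManager, "com.ibm.ws.security.webInboundPropagationEnabled");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "RMI inbound propagation enabled: " + rmiInboundPropagationEnabled);
                Tr.debug(tc, "RMI outbound propagation enabled: " + rmiOutboundPropagationEnabled);
                Tr.debug(tc, "WEB inbound propagation enabled: " + webInboundPropagationEnabled);
            }
        }
        return wsSecurityPropagationHelper;
    }

    private WSSecurityPropagationHelper() {
    }

    /** Reads one configuration property from the given context manager as a boolean. */
    private static boolean readFlag(ContextManager contextManager, String key) {
        return Boolean.valueOf(contextManager.getProperty(key)).booleanValue();
    }

    /**
     * Runs the Java 2 Security check for {@code permission} when a SecurityManager is
     * installed; does nothing otherwise.
     */
    private static void checkPermission(WebSphereRuntimePermission permission) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager == null) {
            return;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
            Tr.debug(tc, "Expecting : " + permission);
        }
        securityManager.checkPermission(permission);
    }

    /**
     * Reads {@code com.ibm.CSI.rmiInboundPropagationEnabled} from the current
     * {@link ContextManager} on every call.
     *
     * @return the current value of the switch
     */
    public boolean isRMIInboundPropagationEnabled() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isRMIInboundPropagationEnabled()");
        }
        boolean enabled = readFlag(ContextManagerFactory.getInstance(), "com.ibm.CSI.rmiInboundPropagationEnabled");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isRMIInboundPropagationEnabled()", Boolean.valueOf(enabled));
        }
        return enabled;
    }

    /**
     * Reads {@code com.ibm.CSI.rmiOutboundPropagationEnabled} from the current
     * {@link ContextManager} on every call.
     *
     * @return the current value of the switch
     */
    public boolean isRMIOutboundPropagationEnabled() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isRMIOutboundPropagationEnabled()");
        }
        boolean enabled = readFlag(ContextManagerFactory.getInstance(), "com.ibm.CSI.rmiOutboundPropagationEnabled");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isRMIOutboundPropagationEnabled()", Boolean.valueOf(enabled));
        }
        return enabled;
    }

    /**
     * Reads {@code com.ibm.ws.security.webInboundPropagationEnabled} from the current
     * {@link ContextManager} on every call.
     *
     * @return the current value of the switch
     */
    public boolean isWebInboundPropagationEnabled() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isWebInboundPropagationEnabled()");
        }
        boolean enabled = readFlag(ContextManagerFactory.getInstance(), "com.ibm.ws.security.webInboundPropagationEnabled");
        if (tc.isEntryEnabled()) {
            // The exit record names the same method as the entry record so the two can be paired.
            Tr.exit(tc, "isWebInboundPropagationEnabled()", Boolean.valueOf(enabled));
        }
        return enabled;
    }

    /**
     * Looks up a propagation token under the key {@code name:version}.
     *
     * <p>No permission check is performed here, unlike {@link #addPropagationToken}.
     * NOTE(review): confirm that unrestricted read access to propagation tokens is intended.
     *
     * @param str token name
     * @param i   token version
     * @return whatever the context manager returns for that key
     * @throws WSSecurityException if the context manager lookup fails
     */
    public static PropagationToken getPropagationToken(String str, int i) throws WSSecurityException {
        String key = str + ":" + i;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Looking up propagation token with key " + key);
        }
        return ContextManagerFactory.getInstance().getPropagationToken(key);
    }

    /**
     * Stores a propagation token under {@code name:version} unless one is already present.
     *
     * <p>When a SecurityManager is installed the caller needs the
     * {@code setPropagationToken} runtime permission. An existing token is never replaced:
     * a warning is logged and the existing token is returned instead. The lookup and the
     * store are two separate calls with no locking in this method.
     *
     * @param propagationToken token to store; a {@code null} argument fails with a
     *                         NullPointerException after the permission check
     * @return the already-stored token when one exists, otherwise the result of the store call
     * @throws WSSecurityException if the context manager lookup or store fails
     * @throws SecurityException   if the permission check fails
     */
    public static PropagationToken addPropagationToken(PropagationToken propagationToken) throws WSSecurityException {
        checkPermission(UPDATE_PROP);
        String key = propagationToken.getName() + ":" + ((int) propagationToken.getVersion());
        ContextManager contextManager = ContextManagerFactory.getInstance();
        PropagationToken existing = contextManager.getPropagationToken(key);
        if (existing != null) {
            Tr.warning(tc, "security.sap.warning.propagation.token.exists", new Object[]{propagationToken.getName(), Short.valueOf(propagationToken.getVersion())});
            return existing;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Setting propagation token with key " + key);
        }
        return contextManager.setPropagationToken(key, propagationToken);
    }

    /**
     * Validates LTPA token bytes and returns the value of the token's {@code "u"}
     * attribute, with a leading {@code "user:"} prefix removed.
     *
     * <p>When a SecurityManager is installed the caller needs the
     * {@code validateLTPAToken} runtime permission.
     *
     * <p>Security note: a token that validates but has no {@code "u"} attribute (or whose
     * first value is {@code null}) makes this method return {@code null} rather than throw.
     * Callers must treat {@code null} as "no identity established". An empty attribute
     * array is not covered by that check; the resulting index error is handled by the
     * catch block and surfaces as a {@link WSLoginFailedException}.
     *
     * @param bArr raw token bytes
     * @return the security name taken from the token, or {@code null} as described above
     * @throws WSLoginFailedException if the mapper returns no token or any exception occurs
     *                                during validation
     * @throws SecurityException      if the permission check fails
     */
    public static String validateLTPAToken(byte[] bArr) throws WSLoginFailedException {
        checkPermission(VALIDATE_TOKEN);
        try {
            com.ibm.wsspi.security.ltpa.Token token = ContextManagerFactory.getInstance().getWSCredTokenMapper().validateLTPAToken(bArr);
            if (token == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Throwing WSLoginFailedException, token was null.");
                }
                throw new WSLoginFailedException("Invalid token, token returned from validation is null.");
            }
            String[] attributes = token.getAttributes("u");
            if (attributes == null || attributes[0] == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Returning null.");
                }
                return null;
            }
            String uniqueId = attributes[0];
            String securityName = uniqueId.startsWith("user:") ? uniqueId.substring(uniqueId.indexOf(":") + 1) : uniqueId;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning securityName: " + securityName);
            }
            return securityName;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Received exception during validation.", new Object[]{e});
            }
            Manager.Ffdc.log(e, WSSecurityPropagationHelper.class, "com.ibm.ws.security.token.WSSecurityPropagationHelper.validateLTPAToken", "289");
            // Login failures pass through unchanged; anything else is wrapped with its cause kept.
            if (e instanceof WSLoginFailedException) {
                throw ((WSLoginFailedException) e);
            }
            throw new WSLoginFailedException(e.getMessage(), e);
        }
    }

    /**
     * Validates token bytes and wraps the resulting security name in a
     * {@link ValidationResult}. The token realm is not checked by this overload.
     *
     * <p>The security name may be {@code null} (see {@link #validateLTPAToken}); it is
     * passed to the result object as is. NOTE(review): confirm how ValidationResultImpl
     * treats a null name before relying on a returned result as proof of identity.
     *
     * @param bArr raw token bytes
     * @return the validation result
     * @throws ValidationFailedException if token validation throws a login failure
     */
    public static ValidationResult validateToken(byte[] bArr) throws ValidationFailedException {
        if (tc.isEntryEnabled()) {
            // Concatenating a byte[] traces the array's default toString(), not the token bytes.
            Tr.entry(tc, "validateToken(byte[])", "token=" + bArr);
        }
        try {
            ValidationResultImpl result = new ValidationResultImpl(ContextManagerFactory.getInstance(), validateLTPAToken(bArr));
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validateToken(byte[])", "ValidationResult=" + result);
            }
            return result;
        } catch (WSLoginFailedException e) {
            Manager.Ffdc.log(e, WSSecurityPropagationHelper.class, "com.ibm.ws.security.token.WSSecurityPropagationHelper.validateToken", "311");
            throw new ValidationFailedException("An exception was thrown while validating received token.", e);
        }
    }

    /**
     * Validates token bytes and, when {@code z} is true, also validates the token's realm
     * before building the {@link ValidationResult}.
     *
     * <p>With {@code z} set, the token is validated twice: once by
     * {@link #validateLTPAToken} and again inside {@link #validateTokenRealm}. With
     * {@code z} false no realm check is made at all. The null-name caveat documented on
     * {@link #validateLTPAToken} applies here as well.
     *
     * @param bArr raw token bytes
     * @param z    whether to validate the token's realm as well
     * @return the validation result
     * @throws ValidationFailedException if token or realm validation fails
     */
    public static ValidationResult validateToken(byte[] bArr, boolean z) throws ValidationFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validateToken(byte[], boolean)", "token=" + bArr + " boolean = " + z);
        }
        try {
            ContextManager contextManager = ContextManagerFactory.getInstance();
            String securityName = validateLTPAToken(bArr);
            if (z) {
                validateTokenRealm(bArr);
            }
            ValidationResultImpl result = new ValidationResultImpl(contextManager, securityName);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validateToken(byte[], boolean)", "ValidationResult=" + result);
            }
            return result;
        } catch (WSLoginFailedException e) {
            Manager.Ffdc.log(e, WSSecurityPropagationHelper.class, "com.ibm.ws.security.token.WSSecurityPropagationHelper.validateToken", "311");
            throw new ValidationFailedException("An exception was thrown while validating received token.", e);
        }
    }

    /**
     * Validates the token bytes through the credential token mapper and then asks the
     * mapper to validate the realm of the resulting token.
     *
     * <p>Security note: this public method calls the mapper's {@code validateLTPAToken}
     * directly and does not perform the {@code validateLTPAToken} permission check that
     * {@link #validateLTPAToken(byte[])} applies.
     * NOTE(review): confirm whether callers without that permission are meant to reach
     * token validation through this path.
     *
     * <p>Failures are wrapped without an FFDC record, unlike the other validation methods.
     *
     * @param bArr raw token bytes
     * @throws ValidationFailedException if token or realm validation throws any exception
     */
    public static void validateTokenRealm(byte[] bArr) throws ValidationFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validateTokenRealm(byte[])", "token=" + bArr);
        }
        try {
            ContextManagerFactory.getInstance().getWSCredTokenMapper().validateTokenRealm(ContextManagerFactory.getInstance().getWSCredTokenMapper().validateLTPAToken(bArr));
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validateTokenRealm(byte[])");
            }
        } catch (Exception e) {
            throw new ValidationFailedException("An exception was thrown while validating realm in received token.", e);
        }
    }

    /**
     * Extracts the security name from a unique ID by delegating to
     * {@code RealmSecurityName.getSecurityName}.
     *
     * @param str unique ID string
     * @return the value returned by {@code RealmSecurityName.getSecurityName}
     */
    public static String getUserFromUniqueID(String str) {
        return RealmSecurityName.getSecurityName(str);
    }

    /**
     * Extracts the realm from a unique ID, removing a leading {@code "user:"} prefix
     * before delegating to {@code RealmSecurityName.getRealm}.
     *
     * @param str unique ID string; {@code null} fails with a NullPointerException
     * @return the value returned by {@code RealmSecurityName.getRealm}
     */
    public static String getRealmFromUniqueID(String str) {
        int separator = str.indexOf(":");
        String realmAndName = str.startsWith("user:") ? str.substring(separator + 1) : str;
        return RealmSecurityName.getRealm(realmAndName);
    }
}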
