package com.ibm.ws.webservices.wssecurity.util;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.WebSphereRuntimePermission;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.core.SecurityContext;
import com.ibm.ws.security.server.SecurityServer;
import com.ibm.ws.security.util.Constants;
import com.ibm.ws.webservices.engine.MessageContext;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.security.GeneralSecurityException;
import java.security.Permission;
import java.util.HashMap;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.rmi.PortableRemoteObject;
import javax.security.auth.Subject;
import org.omg.Security.InvalidCredentialType;
import org.omg.SecurityLevel2.InvalidCredential;

/* loaded from: input_file:ws_runtime.jar:com/ibm/ws/webservices/wssecurity/util/CORBAHelper.class */
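/**
 * Static helper that temporarily replaces the caller and invocation
 * {@link Subject} held by the {@link ContextManager} while a web-services
 * message is processed, and restores the previous subjects afterwards.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #pushCredential} and {@link #popCredential} are public and change
 *       the identity the ContextManager reports. No permission check is visible
 *       in this class: {@code MAP_CREDENTIAL} is constructed but never checked
 *       here. NOTE(review): confirm that callers are restricted elsewhere.</li>
 *   <li>Debug and entry trace includes the string form of subjects and
 *       credentials, so trace output should be handled as sensitive data.</li>
 *   <li>Saved subjects are kept in static maps keyed by {@link MessageContext}
 *       until {@link #popCredential} is called for the same context. Every
 *       successful push needs a matching pop (ideally in a {@code finally}),
 *       otherwise the entry and the subjects it references stay reachable.</li>
 * </ul>
 *
 * <p>The {@code class$...} fields and the {@code class$(String)} method are
 * class-literal scaffolding from the original compiler. They are kept as
 * declared so the members of the class are unchanged.
 */
public final class CORBAHelper {
    private static final ContextManager contextManager = ContextManagerFactory.getInstance();
    // Subjects that were active before pushCredential(), keyed by MessageContext.
    // Only accessed from the synchronized push/pop methods.
    private static final HashMap originalCallerSubject = new HashMap();
    private static final HashMap originalInvocationSubject = new HashMap();
    private static final TraceComponent tc;
    private static final String FFDC_SOURCE_ID = "com.ibm.ws.webservices.wssecurity.util.CORBAHelper";
    // Looked up from JNDI in the static initializer; not read anywhere in this class.
    private static SecurityServer securityServer;
    // Constructed in the static initializer; no checkPermission call in this class uses it.
    private static final Permission MAP_CREDENTIAL;
    static Class class$com$ibm$ws$webservices$wssecurity$util$CORBAHelper;
    static Class class$com$ibm$ws$security$server$SecurityServer;

    /**
     * Reports whether security is enabled.
     *
     * @return the value of {@code SecurityContext.isSecurityEnabled()}
     */
    public static boolean isSecurityEnabled() {
        return SecurityContext.isSecurityEnabled();
    }

    /**
     * Installs {@code subject} as both the invocation and the caller subject and
     * remembers the previous subjects under {@code messageContext}.
     *
     * <p>Does nothing beyond tracing when the ContextManager is unavailable or
     * cell security is disabled. If the caller subject cannot be set after the
     * invocation subject was already replaced, the previous invocation subject
     * is put back before the failure is reported, so a failed push does not
     * leave a half-installed identity behind.
     *
     * @param subject the subject to install
     * @param messageContext key under which the previous subjects are saved
     * @throws InvalidCredential if the ContextManager rejects reading or
     *         replacing the subjects
     * @throws InvalidCredentialType declared for callers; never thrown by the
     *         visible code
     */
    public static synchronized void pushCredential(Subject subject, MessageContext messageContext) throws InvalidCredentialType, InvalidCredential {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "pushCredential(" + subject + ", " + messageContext + ")");
        }
        if (contextManager != null && contextManager.isCellSecurityEnabled()) {
            try {
                Subject previousInvocation = contextManager.getInvocationSubject();
                Subject previousCaller = contextManager.getCallerSubject();
                if (tc.isDebugEnabled()) {
                    // Trace carries the string form of the subjects; treat it as sensitive.
                    Tr.debug(tc, "Original Caller Subject", previousCaller);
                    Tr.debug(tc, "Original Invocation Subject", previousInvocation);
                    Tr.debug(tc, "Replace Caller and Invocation Subjects with", subject);
                }
                contextManager.setInvocationSubject(subject);
                boolean callerInstalled = false;
                try {
                    contextManager.setCallerSubject(subject);
                    callerInstalled = true;
                } finally {
                    if (!callerInstalled) {
                        // Roll back the half-applied swap. A failure here is caught by the
                        // enclosing handler and reported in place of the first one.
                        contextManager.setInvocationSubject(previousInvocation);
                    }
                }
                // Record the originals only once both subjects are in place.
                originalInvocationSubject.put(messageContext, previousInvocation);
                originalCallerSubject.put(messageContext, previousCaller);
            } catch (WSSecurityException e) {
                reportSubjectFailure(e, ".pushCredential()", "143");
                throw new InvalidCredential();
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "pushCredential()");
        }
    }

    /**
     * Restores the caller and invocation subjects that were saved for
     * {@code messageContext} and removes them from the saved-subject maps.
     *
     * <p>Both restores are attempted even if the first one fails, so a failure
     * to restore the caller subject does not leave the pushed invocation subject
     * in place. If nothing was saved for {@code messageContext}, both subjects
     * are set to {@code null}; the maps cannot distinguish "never pushed" from
     * "the saved subject was null".
     *
     * @param messageContext the key used in the matching {@link #pushCredential}
     * @throws InvalidCredential if the ContextManager rejects a restore
     * @throws InvalidCredentialType declared for callers; never thrown by the
     *         visible code
     */
    public static synchronized void popCredential(MessageContext messageContext) throws InvalidCredentialType, InvalidCredential {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "popCredential(" + messageContext + ")");
        }
        if (contextManager != null && contextManager.isCellSecurityEnabled()) {
            Subject savedCaller = (Subject) originalCallerSubject.remove(messageContext);
            Subject savedInvocation = (Subject) originalInvocationSubject.remove(messageContext);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Original caller subject", savedCaller);
                Tr.debug(tc, "Original Invocation Subject", savedInvocation);
            }
            try {
                try {
                    contextManager.setCallerSubject(savedCaller);
                } finally {
                    // Always attempt the second restore, even when the first one threw.
                    contextManager.setInvocationSubject(savedInvocation);
                }
            } catch (WSSecurityException e) {
                // The FFDC source used to name pushCredential() here, which pointed
                // incident reports at the wrong method.
                reportSubjectFailure(e, ".popCredential()", "176");
                throw new InvalidCredential();
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "popCredential()");
        }
    }

    /**
     * Returns the realm security name of the current invocation credential, or
     * of the first caller credential when no invocation credential is available.
     *
     * <p>Failures are reported to FFDC and trace and result in {@code null}
     * rather than an exception, so callers must treat {@code null} as "no
     * identity could be determined".
     *
     * @return the realm security name, or {@code null} if none could be obtained
     */
    public static String getSecurityName() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSecurityName()");
        }
        String securityName = null;
        WSCredential invocationCredential = null;
        // NOTE(review): contextManager is dereferenced without the null check that
        // pushCredential/popCredential perform.
        try {
            invocationCredential = contextManager.getInvocationCredential();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Invocation creds = " + invocationCredential);
            }
        } catch (WSSecurityException e) {
            // Fall through with no invocation credential; the caller credentials are tried next.
            FFDCFilter.processException(e, FFDC_SOURCE_ID, "313");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error in getting security name from credential " + e.toString());
            }
        }
        try {
            if (invocationCredential != null) {
                securityName = invocationCredential.getRealmSecurityName();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Invocation creds securityName = " + securityName);
                }
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Try getting the principal from received creds");
                }
                WSCredential[] callerCredentials = contextManager.getCallerCredentials();
                if (callerCredentials == null || callerCredentials.length == 0) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Received creds = null");
                    }
                } else {
                    // Only the first received credential is consulted.
                    WSCredential receivedCredential = callerCredentials[0];
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Received cred = " + receivedCredential);
                    }
                    if (receivedCredential != null) {
                        securityName = receivedCredential.getRealmSecurityName();
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Received cred securityName = " + securityName);
                    }
                }
            }
        } catch (GeneralSecurityException e) {
            // Never hand back a name when reading the credential failed.
            securityName = null;
            FFDCFilter.processException(e, FFDC_SOURCE_ID, "351");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error in getting security name from credential ", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSecurityName() --> " + securityName);
        }
        return securityName;
    }

    /**
     * Loads a class by name, converting {@link ClassNotFoundException} into
     * {@link NoClassDefFoundError}. Only called with constant class names in
     * this class; it must not be given externally supplied names.
     *
     * @param str fully qualified class name
     * @return the loaded class
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause() returns Throwable, so build the error first and throw the typed reference.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    /** Returns this class, resolving and caching it in the synthetic field on first use. */
    private static Class selfClass() {
        if (class$com$ibm$ws$webservices$wssecurity$util$CORBAHelper == null) {
            class$com$ibm$ws$webservices$wssecurity$util$CORBAHelper = class$(FFDC_SOURCE_ID);
        }
        return class$com$ibm$ws$webservices$wssecurity$util$CORBAHelper;
    }

    /** Sends a subject get/set failure to FFDC and, when debug trace is on, traces its stack. */
    private static void reportSubjectFailure(WSSecurityException e, String methodSuffix, String probeId) {
        FFDCFilter.processException(e, selfClass().getName() + methodSuffix, probeId);
        if (tc.isDebugEnabled()) {
            StringWriter stackText = new StringWriter();
            e.printStackTrace(new PrintWriter(stackText));
            Tr.debug(tc, "Exception in set Caller/Invocation Subject" + stackText.toString());
        }
    }

    static {
        tc = Tr.register(selfClass(), ConfigConstants.TR_GROUP, ConfigConstants.TR_NLSPROPS);
        securityServer = null;
        // NOTE(review): no null check on contextManager here, unlike pushCredential/popCredential.
        if (contextManager.isCellSecurityEnabled()) {
            InitialContext initialContext = null;
            try {
                initialContext = new InitialContext();
            } catch (NamingException e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Failed to get initial naming context");
                }
                Tr.error(tc, "security.wssecurity.getting.initialctx.error", new Object[]{e});
            }
            if (initialContext != null) {
                try {
                    Object lookup = initialContext.lookup(Constants.SECURITY_SERVER);
                    Class securityServerClass = class$com$ibm$ws$security$server$SecurityServer;
                    if (securityServerClass == null) {
                        securityServerClass = class$("com.ibm.ws.security.server.SecurityServer");
                        class$com$ibm$ws$security$server$SecurityServer = securityServerClass;
                    }
                    securityServer = (SecurityServer) PortableRemoteObject.narrow(lookup, securityServerClass);
                } catch (NamingException e) {
                    // Lookup failure is logged and leaves securityServer null; class loading continues.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Failed to lookup Security Server");
                    }
                    Tr.error(tc, "security.wssecurity.securityserver.lookup.error", new Object[]{e});
                }
            }
        }
        MAP_CREDENTIAL = new WebSphereRuntimePermission("wssecurity.mapCredential");
    }
}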
