package com.ibm.ws.security.auth;

import com.ibm.ISecurityLocalObjectBaseL13Impl.VaultImpl;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2EffectivePerformPolicy;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.OID;
import com.ibm.ISecurityUtilityImpl.SecConstants;
import com.ibm.ISecurityUtilityImpl.StringBytesConversion;
import com.ibm.ejs.ras.RasHelper;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.hats.common.actions.SetAction;
import com.ibm.hats.common.customlogic.GlobalVariableScreenReco;
import com.ibm.hats.runtime.RuntimeConstants;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.CredentialDestroyedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.security.auth.j2c.GenericCredentialImpl;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.config.TrustedAuthenticationRealm;
import com.ibm.wsspi.security.ltpa.Token;
import java.util.ArrayList;
import java.util.Date;
import java.util.Hashtable;
import java.util.StringTokenizer;
import javax.security.auth.AuthPermission;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.RefreshFailedException;
import javax.security.auth.Subject;
import javax.security.auth.login.CredentialExpiredException;
import org.omg.CSI.KRB5MechOID;
import org.omg.GSSUP.GSSUPMechOID;

/* loaded from: input_file:lib/admin/sas.jar:com/ibm/ws/security/auth/WSCredentialImpl.class */
public class WSCredentialImpl implements WSCredential {
    private String realmname;
    private String username;
    private String uniqueusername;
    private String realmusername;
    private String realmuniqueusername;
    private String hostname;
    private String oid;
    private String primaryGroupId;
    private String accessId;
    private Token token;
    private byte[] credentialToken;
    private boolean forwardable;
    private long expiration;
    private boolean unauthenticated;
    private ArrayList groupIds;
    private ArrayList roles;
    private Hashtable hashTable;
    private boolean isBasicAuthCred;
    private boolean destroyed;
    private byte[] refreshSync;
    private byte[] serverCredCipher;
    private byte[] wsCredCipher;
    private GenericCredentialImpl genericCred;
    private Subject wsSubject;
    private boolean isServerCred;
    static final long serialVersionUID = 4148961460865333593L;
    private static final AuthPermission APP_READ_PERMISSION = new AuthPermission("wssecurity.applicationReadCredential");
    private static final AuthPermission APP_UPDATE_PERMISSION = new AuthPermission("wssecurity.applicationUpdateCredential");
    private static final AuthPermission READ_PERMISSION = new AuthPermission("wssecurity.readCredential");
    private static final AuthPermission UPDATE_PERMISSION = new AuthPermission("wssecurity.updateCredential");
    private static final AuthPermission CREATE_PERMISSION = new AuthPermission("wssecurity.createCredential");
    private static final AuthPermission DESTROY_PERMISSION = new AuthPermission("wssecurity.destroyCredential");
    private static final AuthPermission REFRESH_PERMISSION = new AuthPermission("wssecurity.refreshCredential");
    private static final TraceComponent tc = Tr.register(WSCredentialImpl.class, "SASRas", "com.ibm.ISecurityL13SupportImpl.sec");

    public WSCredentialImpl(String str, String str2, String str3, String str4, String str5, ArrayList arrayList, ArrayList arrayList2) {
        this.token = null;
        this.expiration = 0L;
        this.unauthenticated = false;
        this.hashTable = null;
        this.isBasicAuthCred = false;
        this.destroyed = false;
        this.refreshSync = null;
        this.serverCredCipher = null;
        this.wsCredCipher = null;
        this.genericCred = null;
        this.wsSubject = null;
        this.isServerCred = false;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>", new Object[]{str, str2, str3, str4, str5, arrayList, arrayList2});
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(CREATE_PERMISSION);
        }
        this.refreshSync = new byte[0];
        this.wsCredCipher = ServerCredSigner.getInstance().getEncryptedWSCredSigner();
        this.realmname = str;
        this.username = str2;
        this.uniqueusername = str3;
        this.primaryGroupId = str4;
        this.accessId = str5;
        this.hashTable = new Hashtable(32);
        if (this.username.endsWith("UNAUTHENTICATED")) {
            this.unauthenticated = true;
        }
        this.roles = arrayList != null ? (ArrayList) arrayList.clone() : new ArrayList();
        this.groupIds = arrayList2 != null ? (ArrayList) arrayList2.clone() : new ArrayList();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "<init>", this);
        }
    }

    public WSCredentialImpl(String str, String str2, String str3, String str4, String str5, ArrayList arrayList, ArrayList arrayList2, String str6, Token token, boolean z, long j) {
        this.token = null;
        this.expiration = 0L;
        this.unauthenticated = false;
        this.hashTable = null;
        this.isBasicAuthCred = false;
        this.destroyed = false;
        this.refreshSync = null;
        this.serverCredCipher = null;
        this.wsCredCipher = null;
        this.genericCred = null;
        this.wsSubject = null;
        this.isServerCred = false;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>", new Object[]{str, str2, str3, str4, str5, arrayList, str6, token, new Boolean(z), new Long(j)});
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(CREATE_PERMISSION);
        }
        this.refreshSync = new byte[0];
        this.wsCredCipher = ServerCredSigner.getInstance().getEncryptedWSCredSigner();
        this.realmname = str;
        this.username = str2;
        this.uniqueusername = str3;
        this.primaryGroupId = str4;
        this.accessId = str5;
        this.oid = str6;
        this.token = token;
        this.forwardable = z;
        this.expiration = j;
        this.hashTable = new Hashtable(32);
        if (this.username.endsWith("UNAUTHENTICATED")) {
            this.unauthenticated = true;
        }
        this.roles = arrayList2 != null ? (ArrayList) arrayList2.clone() : new ArrayList();
        this.groupIds = arrayList != null ? (ArrayList) arrayList.clone() : new ArrayList();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "<init>", this);
        }
    }

    public WSCredentialImpl(WSCredential wSCredential, String str, Token token, boolean z, long j) {
        this.token = null;
        this.expiration = 0L;
        this.unauthenticated = false;
        this.hashTable = null;
        this.isBasicAuthCred = false;
        this.destroyed = false;
        this.refreshSync = null;
        this.serverCredCipher = null;
        this.wsCredCipher = null;
        this.genericCred = null;
        this.wsSubject = null;
        this.isServerCred = false;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>", new Object[]{wSCredential, str, token, new Boolean(z), new Long(j)});
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(CREATE_PERMISSION);
        }
        try {
            this.refreshSync = new byte[0];
            this.wsCredCipher = ServerCredSigner.getInstance().getEncryptedWSCredSigner();
            this.realmname = wSCredential.getRealmName();
            this.username = wSCredential.getSecurityName();
            this.uniqueusername = wSCredential.getUniqueSecurityName();
            this.primaryGroupId = wSCredential.getPrimaryGroupId();
            this.accessId = wSCredential.getAccessId();
            this.roles = wSCredential.getRoles();
            this.groupIds = wSCredential.getGroupIds();
            this.hashTable = new Hashtable(32);
            this.oid = str;
            this.forwardable = z;
            this.expiration = j;
            this.token = token;
            this.hashTable = ((WSCredentialImpl) wSCredential).getTable();
            if (this.username.endsWith("UNAUTHENTICATED")) {
                this.unauthenticated = true;
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred while creating credential.", new Object[]{e});
            }
            Manager.Ffdc.log(e, this, "com.ibm.ws.security.auth.WSCredentialImpl.constructor", "222");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "<init>", this);
        }
    }

    public WSCredentialImpl(WSCredential wSCredential, String str, byte[] bArr, boolean z, long j) {
        this.token = null;
        this.expiration = 0L;
        this.unauthenticated = false;
        this.hashTable = null;
        this.isBasicAuthCred = false;
        this.destroyed = false;
        this.refreshSync = null;
        this.serverCredCipher = null;
        this.wsCredCipher = null;
        this.genericCred = null;
        this.wsSubject = null;
        this.isServerCred = false;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>", new Object[]{wSCredential, str, bArr, new Boolean(z), new Long(j)});
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(CREATE_PERMISSION);
        }
        try {
            this.refreshSync = new byte[0];
            this.wsCredCipher = ServerCredSigner.getInstance().getEncryptedWSCredSigner();
            this.realmname = wSCredential.getRealmName();
            this.username = wSCredential.getSecurityName();
            this.uniqueusername = wSCredential.getUniqueSecurityName();
            this.primaryGroupId = wSCredential.getPrimaryGroupId();
            this.accessId = wSCredential.getAccessId();
            this.roles = wSCredential.getRoles();
            this.groupIds = wSCredential.getGroupIds();
            this.hashTable = new Hashtable(32);
            this.oid = str;
            this.forwardable = z;
            this.expiration = j;
            this.credentialToken = bArr;
            this.hashTable = ((WSCredentialImpl) wSCredential).getTable();
            if (this.username.endsWith("UNAUTHENTICATED")) {
                this.unauthenticated = true;
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred while creating credential.", new Object[]{e});
            }
            Manager.Ffdc.log(e, this, "com.ibm.ws.security.auth.WSCredentialImpl.constructor", "266");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "<init>", this);
        }
    }

    public WSCredentialImpl(String str, String str2, String str3) {
        this.token = null;
        this.expiration = 0L;
        this.unauthenticated = false;
        this.hashTable = null;
        this.isBasicAuthCred = false;
        this.destroyed = false;
        this.refreshSync = null;
        this.serverCredCipher = null;
        this.wsCredCipher = null;
        this.genericCred = null;
        this.wsSubject = null;
        this.isServerCred = false;
        if (tc.isEntryEnabled()) {
            TraceComponent traceComponent = tc;
            Object[] objArr = new Object[3];
            objArr[0] = str;
            objArr[1] = str2;
            objArr[2] = str3 == null ? null : "****";
            Tr.entry(traceComponent, "<init>", objArr);
        }
        this.refreshSync = new byte[0];
        this.wsCredCipher = ServerCredSigner.getInstance().getEncryptedWSCredSigner();
        this.realmname = str;
        this.username = str2;
        this.uniqueusername = str2;
        this.accessId = str2;
        this.credentialToken = StringBytesConversion.getConvertedBytes(str3);
        this.isBasicAuthCred = true;
        this.oid = GSSUPMechOID.value;
        this.forwardable = true;
        this.expiration = 0L;
        this.hashTable = new Hashtable(32);
        this.groupIds = new ArrayList();
        if (this.username.endsWith("UNAUTHENTICATED")) {
            this.unauthenticated = true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "<init>", this);
        }
    }

    public WSCredentialImpl() {
        this.token = null;
        this.expiration = 0L;
        this.unauthenticated = false;
        this.hashTable = null;
        this.isBasicAuthCred = false;
        this.destroyed = false;
        this.refreshSync = null;
        this.serverCredCipher = null;
        this.wsCredCipher = null;
        this.genericCred = null;
        this.wsSubject = null;
        this.isServerCred = false;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "<init>", this);
        }
    }

    private void cleanup() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "cleanup");
        }
        this.realmname = null;
        this.realmusername = null;
        this.realmuniqueusername = null;
        this.username = null;
        this.uniqueusername = null;
        this.oid = null;
        this.primaryGroupId = null;
        this.accessId = null;
        this.forwardable = false;
        this.expiration = 0L;
        this.credentialToken = null;
        this.groupIds = null;
        this.hashTable = null;
        this.isBasicAuthCred = false;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "cleanup", this);
        }
    }

    public GenericCredentialImpl getGenericCredential() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getGenericCredential");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getGenericCredential", this.genericCred);
        }
        return this.genericCred;
    }

    public void setGenericCredential(GenericCredentialImpl genericCredentialImpl) throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setGenericCredential", genericCredentialImpl);
        }
        this.genericCred = null;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setGenericCredential");
        }
    }

    public void setSubject(Subject subject) throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setSubject", subject);
        }
        this.wsSubject = null;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setSubject");
        }
    }

    public Subject getSubject() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSubject");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSubject", this.wsSubject);
        }
        return this.wsSubject;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public String getRealmName() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRealmName");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRealmName", this.realmname);
        }
        return this.realmname;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public String getSecurityName() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSecurityName");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSecurityName", this.username);
        }
        return this.username;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public String getRealmSecurityName() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRealmSecurityName");
        }
        if (this.realmusername != null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getRealmSecurityName", this.realmusername);
            }
            return this.realmusername;
        }
        this.realmusername = getRealmName() + "/" + getSecurityName();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRealmSecurityName", this.realmusername);
        }
        return this.realmusername;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public String getUniqueSecurityName() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUniqueSecurityName");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUniqueSecurityName", this.uniqueusername);
        }
        return this.uniqueusername;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public String getRealmUniqueSecurityName() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRealmUniqueSecurityName");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRealmUniqueSecurityName");
        }
        if (this.realmuniqueusername != null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getRealmUniqueSecurityName", this.realmuniqueusername);
            }
            return this.realmuniqueusername;
        }
        this.realmuniqueusername = getRealmName() + "/" + getUniqueSecurityName();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRealmUniqueSecurityName", this.realmuniqueusername);
        }
        return this.realmuniqueusername;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public byte[] getCredentialToken() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCredentialToken");
        }
        if (this.credentialToken != null) {
            if (tc.isDebugEnabled() && !this.isBasicAuthCred) {
                Tr.debug(tc, "Initializing credential token", new Object[]{this.credentialToken});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getCredentialToken");
            }
            return this.credentialToken;
        }
        if (this.credentialToken != null || this.token == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getCredentialToken() -> null");
            }
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "getCredentialToken");
            return null;
        }
        try {
            this.credentialToken = this.token.getBytes();
            if (tc.isDebugEnabled() && !this.isBasicAuthCred) {
                Tr.debug(tc, "Initializing credential token", new Object[]{this.credentialToken});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getCredentialToken");
            }
            return this.credentialToken;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred getting bytes[] from token.", new Object[]{e});
            }
            Manager.Ffdc.log(e, this, "com.ibm.ws.security.common.auth.WSCredentialImpl.getCredentialToken", "563");
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "getCredentialToken");
            return null;
        }
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public String getHostName() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getHostname");
        }
        if (this.hostname == null || this.hostname.length() == 0) {
            this.hostname = VaultImpl.getInstance().getORB().getLocalHost();
            if (this.hostname == null || this.hostname.length() == 0) {
                this.hostname = "localHost";
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getHostName", this.hostname);
        }
        return this.hostname;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public String getOID() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getOID");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getOID", this.oid);
        }
        return this.oid;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public boolean isForwardable() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isForwardable");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isForwardable", new Boolean(this.forwardable));
        }
        return this.forwardable;
    }

    public boolean isForwardable(String str) throws CredentialDestroyedException, CredentialExpiredException {
        return isForwardable(str, null, null);
    }

    public boolean isForwardable(String str, CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy, Subject subject) throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isForwardable: ", new Object[]{str, cSIv2EffectivePerformPolicy});
        }
        String kerberosRealmNameFromSubject = (cSIv2EffectivePerformPolicy == null || !OID.compareOIDs(KRB5MechOID.value, cSIv2EffectivePerformPolicy.getPerformClientAuthMechOID())) ? this.realmname : SubjectHelper.getKerberosRealmNameFromSubject(subject);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "isForwardable current_realm is: " + kerberosRealmNameFromSubject);
        }
        boolean z = (kerberosRealmNameFromSubject == null || str == null || kerberosRealmNameFromSubject.equalsIgnoreCase(str) || kerberosRealmNameFromSubject.equalsIgnoreCase(CommonConstants.DEFAULT_REALM)) ? false : true;
        if (RasHelper.isServer() && z) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Target realm does not match current realm, target realm: " + str + ", current realm: " + kerberosRealmNameFromSubject + ". Going to check the outboundTrustedAuthenticationRealm property");
            }
            TrustedAuthenticationRealm outboundTrustedAuthenticationRealm = SecurityObjectLocator.getSecurityConfig().getOutboundTrustedAuthenticationRealm();
            String realmList = outboundTrustedAuthenticationRealm.getRealmList();
            boolean trustAllRealms = outboundTrustedAuthenticationRealm.getTrustAllRealms();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "found outbound realms element: trustAllRealms = " + trustAllRealms + " : realmList = " + realmList);
            }
            if (trustAllRealms) {
                z = false;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "trustAllRealms is true");
                }
            }
            if (z) {
                if (realmList != null && !realmList.equals("")) {
                    StringTokenizer stringTokenizer = new StringTokenizer(realmList, "|");
                    while (true) {
                        if (!stringTokenizer.hasMoreTokens()) {
                            break;
                        }
                        if (stringTokenizer.nextToken().equalsIgnoreCase(str)) {
                            z = false;
                            break;
                        }
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "realmList String is null or empty");
                }
            }
        }
        if (z && tc.isDebugEnabled()) {
            Tr.debug(tc, "Target realm does not match current realm, target realm: " + str + ", current realm: " + kerberosRealmNameFromSubject + SecConstants.STRING_HOSTNAME_DELIMITER);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "isForwardable() -> " + (!z));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isForwardable", new Boolean(!z));
        }
        return !z;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public long getExpiration() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getExpiration");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getExpiration", new Long(this.expiration));
        }
        return this.expiration;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public String getPrimaryGroupId() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPrimaryGroupId");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPrimaryGroupId", this.primaryGroupId);
        }
        return this.primaryGroupId;
    }

    /*  JADX ERROR: NullPointerException in pass: RegionMakerVisitor
        java.lang.NullPointerException: Cannot invoke "java.util.List.size()" because "successors" is null
        	at jadx.core.utils.BlockUtils.getNextBlockOnEmptyPath(BlockUtils.java:964)
        	at jadx.core.utils.BlockUtils.followEmptyPath(BlockUtils.java:939)
        	at jadx.core.dex.visitors.regions.RegionMaker.isEmptySyntheticPath(RegionMaker.java:1132)
        	at jadx.core.dex.visitors.regions.RegionMaker.isEqualPaths(RegionMaker.java:1127)
        	at jadx.core.dex.visitors.regions.IfMakerHelper.isInversionNeeded(IfMakerHelper.java:245)
        	at jadx.core.dex.visitors.regions.IfMakerHelper.mergeNestedIfNodes(IfMakerHelper.java:164)
        	at jadx.core.dex.visitors.regions.RegionMaker.processIf(RegionMaker.java:704)
        	at jadx.core.dex.visitors.regions.RegionMaker.traverse(RegionMaker.java:152)
        	at jadx.core.dex.visitors.regions.RegionMaker.makeRegion(RegionMaker.java:91)
        	at jadx.core.dex.visitors.regions.RegionMakerVisitor.visit(RegionMakerVisitor.java:52)
        */
    @Override // com.ibm.websphere.security.cred.WSCredential
    public java.util.ArrayList getRoles() throws com.ibm.websphere.security.auth.CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException {
        /*
            r4 = this;
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ws.security.auth.WSCredentialImpl.tc
            boolean r0 = r0.isEntryEnabled()
            if (r0 == 0) goto L11
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ws.security.auth.WSCredentialImpl.tc
            java.lang.String r1 = "getRoles"
            com.ibm.ejs.ras.Tr.entry(r0, r1)
        L11:
            r0 = r4
            java.util.ArrayList r0 = r0.roles     // Catch: java.lang.Throwable -> L2f
            if (r0 == 0) goto L28
            r0 = r4
            java.util.ArrayList r0 = r0.roles     // Catch: java.lang.Throwable -> L2f
            java.lang.Object r0 = r0.clone()     // Catch: java.lang.Throwable -> L2f
            java.util.ArrayList r0 = (java.util.ArrayList) r0     // Catch: java.lang.Throwable -> L2f
            r5 = r0
            r0 = jsr -> L35
        L26:
            r1 = r5
            return r1
        L28:
            r0 = 0
            r5 = r0
            r0 = jsr -> L35
        L2d:
            r1 = r5
            return r1
        L2f:
            r6 = move-exception
            r0 = jsr -> L35
        L33:
            r1 = r6
            throw r1
        L35:
            r7 = r0
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ws.security.auth.WSCredentialImpl.tc
            boolean r0 = r0.isEntryEnabled()
            if (r0 == 0) goto L4b
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ws.security.auth.WSCredentialImpl.tc
            java.lang.String r1 = "getRoles"
            r2 = r4
            java.util.ArrayList r2 = r2.roles
            com.ibm.ejs.ras.Tr.exit(r0, r1, r2)
        L4b:
            ret r7
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.auth.WSCredentialImpl.getRoles():java.util.ArrayList");
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public String getAccessId() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAccessId");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAccessId", this.accessId);
        }
        return this.accessId;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public ArrayList getGroupIds() throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getGroupIds");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getGroupIds", this.groupIds);
        }
        return (ArrayList) this.groupIds.clone();
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public Object get(String str) throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "get", str);
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(APP_READ_PERMISSION);
        }
        if (str.startsWith("wssecurity") && securityManager != null) {
            securityManager.checkPermission(READ_PERMISSION);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "get", this.hashTable);
        }
        return this.hashTable.get(str);
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public Object set(String str, Object obj) throws CredentialDestroyedException, CredentialExpiredException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, SetAction.ACTION_TYPE, new Object[]{str, obj});
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (str.startsWith("wssecurity") && securityManager != null) {
            securityManager.checkPermission(UPDATE_PERMISSION);
        }
        if (this.hashTable.get(str) != null && securityManager != null) {
            securityManager.checkPermission(APP_UPDATE_PERMISSION);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, SetAction.ACTION_TYPE, this.hashTable);
        }
        return this.hashTable.put(str, obj);
    }

    public boolean isCurrent() {
        boolean z;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isCurrent");
        }
        if (isDestroyed()) {
            return false;
        }
        try {
            z = (this.expiration == -1 || this.expiration == 0) ? true : this.expiration - System.currentTimeMillis() <= 0 ? ServerCredSigner.getInstance().isServerCred(this) : true;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Refresh of credential failed.");
            }
            Manager.Ffdc.log(e, this, "com.ibm.ws.security.auth.WSCredentialImpl.refresh", "927", new Object[]{this});
            z = false;
        }
        if (tc.isDebugEnabled() && !z) {
            Tr.debug(tc, "isCurrent() -> " + z);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isCurrent", new Boolean(z));
        }
        return z;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public boolean isUnauthenticated() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isUnauthenticated");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isUnauthenticated", new Boolean(this.unauthenticated));
        }
        return this.unauthenticated;
    }

    public final void markAsUnauthenticated() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "markAsUnauthenticated");
        }
        this.unauthenticated = true;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "markAsUnauthenticated");
        }
    }

    @Override // javax.security.auth.Destroyable
    public void destroy() throws DestroyFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "destroy");
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(DESTROY_PERMISSION);
        }
        if (ServerCredSigner.getInstance().isServerCred(this)) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "destroy() -> Server cred cannot be destroyed");
            }
        } else {
            this.destroyed = true;
            cleanup();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "destroy");
            }
        }
    }

    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isDestroyed");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isDestroyed", new Boolean(this.destroyed));
        }
        return this.destroyed;
    }

    @Override // com.ibm.websphere.security.cred.WSCredential
    public boolean isBasicAuth() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isBasicAuth");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isBasicAuth", new Boolean(this.isBasicAuthCred));
        }
        return this.isBasicAuthCred;
    }

    public void refresh() throws RefreshFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, RuntimeConstants.CMD_REFRESH);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, RuntimeConstants.CMD_REFRESH);
        }
        throw new RefreshFailedException("Refresh is not supported in this mechanism.");
    }

    public Hashtable getTable() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getTable");
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(READ_PERMISSION);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getTable", this.hashTable);
        }
        if (this.hashTable != null) {
            return (Hashtable) this.hashTable.clone();
        }
        return null;
    }

    public void setTable(Hashtable hashtable) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setTable", hashtable);
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(UPDATE_PERMISSION);
        }
        this.hashTable = (Hashtable) hashtable.clone();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setTable");
        }
    }

    protected void markServerCred(byte[] bArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "markServerCred", bArr);
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(UPDATE_PERMISSION);
        }
        this.serverCredCipher = bArr;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "markServerCred");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] getServerCredCipher() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getServerCredCipher");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getServerCredCipher", this.serverCredCipher);
        }
        return this.serverCredCipher;
    }

    public boolean isServerCred() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isServerCred");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isServerCred", new Boolean(this.isServerCred));
        }
        return this.isServerCred;
    }

    public boolean isWSCred() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isWSCred");
        }
        if (!tc.isEntryEnabled()) {
            return true;
        }
        Tr.exit(tc, "isWSCred");
        return true;
    }

    public void markServerCred() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "markServerCred");
        }
        this.isServerCred = true;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "markServerCred");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] getWSCredCipher() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getWSCredCipher");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getWSCredCipher", this.wsCredCipher);
        }
        return this.wsCredCipher;
    }

    public Token getTokenObject() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getTokenObject");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getTokenObject(token not null? " + (this.token != null) + GlobalVariableScreenReco._CLOSE_PROP);
        }
        return this.token;
    }

    public void refreshCred(WSCredential wSCredential) throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "refreshCred", wSCredential);
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(UPDATE_PERMISSION);
        }
        try {
            if (!wSCredential.isBasicAuth()) {
                if (wSCredential != null && !this.destroyed) {
                    synchronized (this.refreshSync) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Refreshing only the credential token and expiration: " + new Date(wSCredential.getExpiration()));
                        }
                        this.credentialToken = wSCredential.getCredentialToken();
                        this.expiration = wSCredential.getExpiration();
                        this.token = null;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Completed refresh.");
                        }
                    }
                } else if (wSCredential != null) {
                    synchronized (this.refreshSync) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Refreshing the entire WSCredential.");
                        }
                        this.destroyed = true;
                        this.token = null;
                        this.realmuniqueusername = null;
                        this.realmusername = null;
                        this.credentialToken = wSCredential.getCredentialToken();
                        this.expiration = wSCredential.getExpiration();
                        this.realmname = wSCredential.getRealmName();
                        this.username = wSCredential.getSecurityName();
                        this.uniqueusername = wSCredential.getUniqueSecurityName();
                        this.hostname = wSCredential.getHostName();
                        this.oid = wSCredential.getOID();
                        this.primaryGroupId = wSCredential.getPrimaryGroupId();
                        this.accessId = wSCredential.getAccessId();
                        this.forwardable = wSCredential.isForwardable();
                        this.unauthenticated = false;
                        this.groupIds = wSCredential.getGroupIds();
                        this.roles = wSCredential.getRoles();
                        this.hashTable = ((WSCredentialImpl) wSCredential).getTable();
                        this.isBasicAuthCred = false;
                        this.destroyed = false;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Completed refresh.");
                        }
                    }
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "refreshCred");
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred while refreshing credential.", new Object[]{e});
            }
            Manager.Ffdc.log(e, this, "com.ibm.ws.security.auth.WSCredentialImpl.refreshCred", "1227", new Object[]{this});
            throw new WSSecurityException(e.getMessage(), e);
        }
    }

    public String toString() {
        return super.toString();
    }
}
