package com.ibm.websphere.security.jca;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.security.WebSphereRuntimePermission;
import com.ibm.websphere.security.auth.data.AuthData;
import com.ibm.websphere.security.auth.data.AuthDataProvider;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.wsspi.security.auth.callback.Constants;
import com.ibm.wsspi.security.auth.callback.WSManagedConnectionFactoryCallback;
import com.ibm.wsspi.security.auth.callback.WSMappingPropertiesCallback;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Map;
import javax.resource.spi.ManagedConnectionFactory;
import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

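@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:targets/liberty8557/ibm/com.ibm.websphere.appserver.api.authData_1.0.14.jar:com/ibm/websphere/security/jca/WSPrincipalMappingLoginModule.class */
/**
 * JAAS login module that maps a configured authentication-data alias to a
 * {@link PasswordCredential} and places it in the {@link Subject}'s private credentials.
 *
 * <p>Flow: {@link #login()} asks the callback handler for the target
 * {@link ManagedConnectionFactory} and the mapping properties, reads the alias from the
 * properties, resolves it through {@link AuthDataProvider} and stages the resulting credential
 * in a temporary subject. {@link #commit()} copies the staged credential into the real subject;
 * {@link #abort()} and {@link #logout()} remove it again.
 *
 * <p>Security notes for reviewers:
 * <ul>
 * <li>The caller permission check ({@code getPasswordCredential}) only runs when a
 * {@link SecurityManager} is installed. Without one, nothing in this class restricts who can
 * resolve an alias to a user name and password.</li>
 * <li>The subject's private credential set is modified inside {@code doPrivileged}, so those
 * updates run with this class's own permissions rather than the caller's.</li>
 * </ul>
 */
public class WSPrincipalMappingLoginModule implements LoginModule {
    private static final TraceComponent tc = Tr.register(WSPrincipalMappingLoginModule.class);
    /** Permission a caller must hold (under a SecurityManager) before an alias is resolved to a credential. */
    private static final WebSphereRuntimePermission GET_PASSWORD_CREDENTIAL_PERMISSION = new WebSphereRuntimePermission("getPasswordCredential");
    private CallbackHandler callbackHandler;
    /** Subject supplied by the login context; receives the credential on commit. */
    private Subject subject;
    /** Staging area for the credential between login() and commit(); null when nothing is staged. */
    private Subject temporarySubject;
    /** True only while a credential is staged in {@link #temporarySubject}. */
    private boolean succeeded = false;
    static final long serialVersionUID = 7051885732826986993L;

    /**
     * Stores the subject and callback handler for the later phases.
     *
     * @param subject         subject to receive the mapped credential
     * @param callbackHandler handler that supplies the connection factory and mapping properties
     * @param map             shared state (unused)
     * @param map2            module options (unused)
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.callbackHandler = callbackHandler;
        this.subject = subject;
    }

    /**
     * Resolves the mapping alias to a password credential and stages it.
     *
     * @return {@code true} if a credential is staged, {@code false} if no alias was supplied
     * @throws LoginException wrapping any failure (callback, permission or auth-data lookup);
     *                        the original exception is attached as the cause
     */
    @Override
    public boolean login() throws LoginException {
        try {
            setPasswordCredentialInTemporarySubject(getHandledCallbacks());
            return this.succeeded;
        } catch (Exception e) {
            // NOTE(review): `this` is handed to FFDC while temporarySubject may still hold a
            // credential from an earlier login; confirm FFDC introspection does not render it.
            FFDCFilter.processException(e, "com.ibm.websphere.security.jca.WSPrincipalMappingLoginModule", "64", this, new Object[0]);
            // Keep the original exception as the cause so the failure (for example a denied
            // permission check versus an unknown alias) stays distinguishable in diagnostics.
            LoginException loginException = new LoginException(e.getMessage());
            loginException.initCause(e);
            throw loginException;
        }
    }

    /**
     * Asks the callback handler to populate the two callbacks this module needs.
     *
     * @return array with the connection-factory callback at index 0 and the mapping-properties
     *         callback at index 1
     */
    private Callback[] getHandledCallbacks() throws IOException, UnsupportedCallbackException {
        Callback[] callbackArr = {new WSManagedConnectionFactoryCallback("Target ManagedConnectionFactory: "), new WSMappingPropertiesCallback("Mapping Properties (HashMap): ")};
        this.callbackHandler.handle(callbackArr);
        return callbackArr;
    }

    /** Stages the credential for the supplied alias; does nothing when no alias is present. */
    private void setPasswordCredentialInTemporarySubject(Callback[] callbackArr) throws Exception {
        String alias = getAlias(callbackArr);
        if (alias != null) {
            // The permission check precedes the lookup, so an unauthorized caller never
            // triggers alias resolution.
            validateCallerHasPermission();
            setupTemporarySubject(callbackArr, alias);
        }
    }

    /**
     * Reads the trimmed mapping alias from the mapping-properties callback (index 1).
     *
     * @return the alias, or {@code null} when the properties map or the alias entry is missing
     */
    private String getAlias(Callback[] callbackArr) {
        String alias = null;
        Map<?, ?> properties = ((WSMappingPropertiesCallback) callbackArr[1]).getProperties();
        if (properties != null) {
            alias = (String) properties.get(Constants.MAPPING_ALIAS);
            if (alias != null) {
                alias = alias.trim();
            } else {
                Tr.error(tc, "MISSING_MAPPING_ALIAS_IN_CALLBACK_WSMAPPINGCALLBAKHANDLER", new Object[0]);
            }
        } else if (TraceComponent.isAnyTracingEnabled() && tc.isWarningEnabled()) {
            // NOTE(review): this error is only emitted when warning-level tracing is enabled,
            // unlike the missing-alias error above; confirm the asymmetry is intended.
            Tr.error(tc, "MISSING_MAP_IN_CALLBACK_WSMAPPINGCALLBAKHANDLER", new Object[0]);
        }
        return alias;
    }

    /**
     * Enforces {@code getPasswordCredential} on the caller when a SecurityManager is installed.
     * With no SecurityManager this performs no check at all.
     */
    private void validateCallerHasPermission() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(GET_PASSWORD_CREDENTIAL_PERMISSION);
        }
    }

    /**
     * Resolves the alias to auth data and stages a {@link PasswordCredential} bound to the
     * target connection factory.
     *
     * @param callbackArr handled callbacks; index 0 carries the ManagedConnectionFactory
     * @param str         trimmed auth-data alias
     * @throws LoginException if the auth-data lookup fails
     */
    private void setupTemporarySubject(Callback[] callbackArr, String str) throws LoginException {
        // Build the staging subject locally and publish it only once it is populated, so a
        // failed lookup never leaves a half-initialised temporarySubject behind.
        Subject staged = new Subject();
        // NOTE(review): assumes getAuthData never returns null for an unknown alias — confirm.
        AuthData authData = AuthDataProvider.getAuthData(str);
        ManagedConnectionFactory managedConnectionFactory = ((WSManagedConnectionFactoryCallback) callbackArr[0]).getManagedConnectionFacotry();
        PasswordCredential passwordCredential = new PasswordCredential(authData.getUserName(), authData.getPassword());
        passwordCredential.setManagedConnectionFactory(managedConnectionFactory);
        staged.getPrivateCredentials().add(passwordCredential);
        this.temporarySubject = staged;
        this.succeeded = true;
    }

    /**
     * Copies the staged credential into the real subject.
     *
     * @return {@code true} if a credential was committed, {@code false} if login staged nothing
     */
    @Override
    public boolean commit() throws LoginException {
        if (!this.succeeded) {
            return false;
        }
        setUpSubject();
        return true;
    }

    /** Runs the credential copy inside a privileged block. */
    private void setUpSubject() {
        AccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override // java.security.PrivilegedAction
            public Object run() {
                WSPrincipalMappingLoginModule.this.updateSubjectWithTemporarySubjectContents();
                return null;
            }
        });
    }

    /**
     * Adds the staged private credentials to the real subject.
     *
     * <p>Kept private: the decompiler had widened it for inner-class access, which would let
     * any code holding the module push staged credentials into the subject outside the
     * login/commit sequence.
     */
    private void updateSubjectWithTemporarySubjectContents() {
        this.subject.getPrivateCredentials().addAll(this.temporarySubject.getPrivateCredentials());
    }

    /**
     * Rolls back a staged or committed credential.
     *
     * @return {@code true} if there was something to roll back, {@code false} otherwise
     */
    @Override
    public boolean abort() throws LoginException {
        if (!this.succeeded) {
            return false;
        }
        cleanUpSubject();
        return true;
    }

    /**
     * Removes this module's credential from the subject.
     *
     * @return always {@code true}
     */
    @Override
    public boolean logout() throws LoginException {
        cleanUpSubject();
        return true;
    }

    /**
     * Removes the staged credential from the real subject (if any) and clears module state.
     */
    private void cleanUpSubject() {
        if (this.temporarySubject != null) {
            AccessController.doPrivileged(new PrivilegedAction<Object>() {
                @Override // java.security.PrivilegedAction
                public Object run() {
                    WSPrincipalMappingLoginModule.this.removeSubjectPrivateCredentials();
                    return null;
                }
            });
        }
        this.temporarySubject = null;
        // Reset the flag together with the staging subject. Otherwise a commit() after
        // logout()/abort() would see succeeded == true with temporarySubject == null and fail
        // with a NullPointerException, and a later login() without an alias would report a
        // stale success.
        this.succeeded = false;
    }

    /**
     * Removes the staged private credentials from the real subject. Private for the same
     * reason as {@link #updateSubjectWithTemporarySubjectContents()}.
     */
    private void removeSubjectPrivateCredentials() {
        this.subject.getPrivateCredentials().removeAll(this.temporarySubject.getPrivateCredentials());
    }
}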
