package com.ibm.ctg.security.idprop;

import com.ibm.ctg.client.T;
import com.ibm.ctg.security.CICSPrincipal;
import com.ibm.websphere.security.auth.CredentialDestroyedException;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.security.cred.WSCredential;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.CredentialExpiredException;
import javax.security.auth.login.LoginException;

/* JADX WARN: Classes with same name are omitted:
  input_file:install/CICS32kSample.zip:cicseci9101/build/classes/security.jar:com/ibm/ctg/security/idprop/LoginModule.class
  input_file:install/CICS32kSample.zip:cicseci9101/connectorModule/security.jar:com/ibm/ctg/security/idprop/LoginModule.class
  input_file:install/taderc25.zip:cicseci9101/build/classes/security.jar:com/ibm/ctg/security/idprop/LoginModule.class
  input_file:install/taderc25.zip:cicseci9101/connectorModule/security.jar:com/ibm/ctg/security/idprop/LoginModule.class
  input_file:install/taderc99.zip:cicseci9101/build/classes/security.jar:com/ibm/ctg/security/idprop/LoginModule.class
  input_file:install/taderc99.zip:cicseci9101/connectorModule/security.jar:com/ibm/ctg/security/idprop/LoginModule.class
  input_file:install/taderc99command.zip:cicseci9101/build/classes/security.jar:com/ibm/ctg/security/idprop/LoginModule.class
 */
/* loaded from: input_file:install/taderc99command.zip:cicseci9101/connectorModule/security.jar:com/ibm/ctg/security/idprop/LoginModule.class */
public class LoginModule implements javax.security.auth.spi.LoginModule {
    static final String copyright_notice = "Licensed Materials - Property of IBM 5724-I81,5725-B65,5655-Y20 (c) Copyright IBM Corp. 2009, 2012 All Rights Reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    public static final String CLASS_VERSION = "@(#) java/com/ibm/ctg/security/idprop/LoginModule.java, cd_gw_API_J2EE, c910-bsf c910-20150128-1005";
    private Subject subject = null;
    private CallbackHandler callbackHandler = null;
    private Map sharedState = null;
    private Map<String, String> options = null;
    private CICSPrincipal cicsPrincipal = null;
    private static final String PROPAGATION_IDENTITY_KEY = "propidentity";
    private static final String USE_CALLER_IDENTITY_VALUE = "caller";
    private static final String USE_RUNAS_IDENTITY_VALUE = "runas";

    public boolean abort() throws LoginException {
        return true;
    }

    public boolean commit() throws LoginException {
        Subject runAsSubject;
        T.in(this, "commit()");
        if (this.subject != null) {
            T.ln(this, "Subject = {0}", this.subject.toString());
        } else {
            T.ln(this, "Passed in subject was null");
        }
        try {
            boolean z = false;
            boolean z2 = false;
            if (this.options != null) {
                for (Map.Entry<String, String> entry : this.options.entrySet()) {
                    T.ln(this, "LoginModule option [" + entry.getKey() + "=" + entry.getValue() + "]");
                    if (entry.getKey().equalsIgnoreCase(PROPAGATION_IDENTITY_KEY)) {
                        if (entry.getValue().equalsIgnoreCase(USE_CALLER_IDENTITY_VALUE)) {
                            z2 = true;
                        } else if (entry.getValue().equalsIgnoreCase(USE_RUNAS_IDENTITY_VALUE)) {
                            z = true;
                        }
                    }
                }
            }
            if (this.options == null || this.options.size() <= 0) {
                T.ln(this, "Defaulting to using RunAs subject as no option was specified");
                runAsSubject = WSSubject.getRunAsSubject();
            } else if (z) {
                T.ln(this, "Using RunAs subject as this option was specified");
                runAsSubject = WSSubject.getRunAsSubject();
            } else if (z2) {
                T.ln(this, "Using Caller subject as this option was specified");
                runAsSubject = WSSubject.getCallerSubject();
            } else {
                T.ln(this, "Defaulting to using RunAs subject as an unrecognised parameter was specified");
                runAsSubject = WSSubject.getRunAsSubject();
            }
            if (runAsSubject != null) {
                WSCredential wSCredentialInfo = getWSCredentialInfo(runAsSubject.getPublicCredentials(WSCredential.class));
                this.cicsPrincipal = new CICSPrincipal(wSCredentialInfo.getUniqueSecurityName(), wSCredentialInfo.getRealmName(), !wSCredentialInfo.isUnauthenticated());
                this.subject.getPrincipals().add(this.cicsPrincipal);
            } else {
                T.ln(this, "Call to get subject returned null");
            }
            T.out(this, "commit()");
            return true;
        } catch (Throwable th) {
            T.ex(this, th);
            LoginException loginException = new LoginException("Exception thrown within the CICS TG Login Module");
            loginException.initCause(th);
            throw loginException;
        }
    }

    private WSCredential getWSCredentialInfo(Set<WSCredential> set) {
        T.in(this, "getWSCredentialInfo", set);
        WSCredential wSCredential = null;
        if (set != null) {
            T.ln(this, "getWSCredentialInfo() WSCredential sets size = {0}", Integer.valueOf(set.size()));
            if (set.size() > 0) {
                wSCredential = set.iterator().next();
                T.ln(this, "WSCredential set contains " + wSCredential);
            }
        } else {
            T.ln(this, "passed in WSCredentials set was null");
        }
        if (wSCredential != null) {
            try {
                T.ln(this, " wscredential.getUniqueSecurityName() {0}", wSCredential.getUniqueSecurityName());
                T.ln(this, " wscredential.getRealmSecurityName() {0}", wSCredential.getRealmSecurityName());
                T.ln(this, " wscredential.isUnauthenticated() {0}", Boolean.valueOf(wSCredential.isUnauthenticated()));
            } catch (CredentialDestroyedException e) {
                T.ex(this, e);
            } catch (CredentialExpiredException e2) {
                T.ex(this, e2);
            }
        }
        T.out(this, "getWSCredentialInfo()", wSCredential);
        return wSCredential;
    }

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        try {
            T.in(this, "initialize()");
            setSubject(subject);
            setCallbackHandler(callbackHandler);
            setSharedState(map);
            setOptions(map2);
        } catch (Throwable th) {
            T.ex(this, th);
        }
        T.out(this, "initialize()");
    }

    public boolean login() throws LoginException {
        return true;
    }

    public boolean logout() throws LoginException {
        return true;
    }

    protected void setCallbackHandler(CallbackHandler callbackHandler) {
        this.callbackHandler = callbackHandler;
    }

    protected void setSharedState(Map map) {
        this.sharedState = map;
    }

    protected void setOptions(Map map) {
        this.options = map;
    }

    protected void setSubject(Subject subject) {
        this.subject = subject;
    }
}
