package com.ibm.ws.security.web;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.TrustAssociationInterceptor;
import com.ibm.websphere.security.WebSphereBaseTrustAssociationInterceptor;
import com.ibm.websphere.security.WebTrustAssociationException;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.websphere.security.WebTrustAssociationUserException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.util.AccessController;
import com.ibm.wsspi.security.tai.NegotiateTrustAssociationInterceptor;
import com.ibm.wsspi.security.tai.TAIPrincipal;
import com.ibm.wsspi.security.tai.TAIResult;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Set;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com.ibm.ws.admin.client_7.0.0.jar:com/ibm/ws/security/web/TAIWrapper.class */
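/**
 * Adapts the three trust-association interceptor (TAI) interfaces visible in this file to a
 * single call surface that always yields a {@link TAIResult}.
 *
 * <p>Exactly one of {@code tai}, {@code taiV2} or {@code taiV3} is set by the constructor,
 * chosen by the runtime type of the wrapped object. Every other method dispatches on which of
 * the three is non-null.
 *
 * <p>NOTE(review): the user name placed in the returned {@link TAIResult} comes straight from
 * the wrapped interceptor (or from the {@link Subject} it supplies). Presumably the caller treats
 * that name as an already-authenticated identity, so the interceptor configured here is part of
 * the trusted computing base; confirm against the caller.
 */
final class TAIWrapper {
    private TrustAssociationInterceptor tai;
    private NegotiateTrustAssociationInterceptor taiV2;
    private com.ibm.wsspi.security.tai.TrustAssociationInterceptor taiV3;
    private String name;
    private static final TraceComponent tc = Tr.register(TAIWrapper.class, (String) null, "com.ibm.ejs.resources.security");

    /**
     * Wraps an interceptor instance and records which interface it implements.
     *
     * <p>The {@code instanceof} checks run from {@code com.ibm.wsspi.security.tai.TrustAssociationInterceptor}
     * to {@link NegotiateTrustAssociationInterceptor}; anything else is cast to the
     * {@code com.ibm.websphere.security} interface.
     *
     * @param obj the interceptor to wrap
     * @throws NullPointerException if {@code obj} is null
     * @throws ClassCastException if {@code obj} implements none of the three interceptor
     *     interfaces (the final branch casts unconditionally)
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public TAIWrapper(Object obj) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "TAIWrapper(" + obj + ")");
        }
        if (obj == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "TrustAssociationInterceptor is null");
            }
            throw new NullPointerException("TrustAssociationInterceptor is null");
        }
        if (obj instanceof com.ibm.wsspi.security.tai.TrustAssociationInterceptor) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Trust association type: com.ibm.wsspi.security.tai.TrustAssociationInterceptor");
            }
            this.taiV3 = (com.ibm.wsspi.security.tai.TrustAssociationInterceptor) obj;
            setName(this.taiV3.getType());
        } else if (obj instanceof NegotiateTrustAssociationInterceptor) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Trust association type: com.ibm.wsspi.security.tai.NegotiateTrustAssociationInterceptor");
            }
            this.taiV2 = (NegotiateTrustAssociationInterceptor) obj;
            setName(typeOrClassName(obj));
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Trust association type: com.ibm.websphere.security.TrustAssociationInterceptor");
            }
            // Unconditional cast: an object of an unsupported type fails here with ClassCastException.
            this.tai = (TrustAssociationInterceptor) obj;
            setName(typeOrClassName(obj));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "TAIWrapper(" + obj + ")");
        }
    }

    /**
     * Returns the interceptor's self-reported type when it extends
     * {@link WebSphereBaseTrustAssociationInterceptor}, otherwise its class name.
     * Must be called after the matching field has been assigned, because
     * {@link #getClassName()} reads those fields.
     */
    private String typeOrClassName(Object obj) {
        if (obj instanceof WebSphereBaseTrustAssociationInterceptor) {
            return ((WebSphereBaseTrustAssociationInterceptor) obj).getType();
        }
        return getClassName();
    }

    /**
     * Asks the wrapped interceptor to validate the request and returns the outcome as a
     * {@link TAIResult}.
     *
     * <ul>
     *   <li>{@code taiV3}: the interceptor's own result is returned unchanged.</li>
     *   <li>{@code taiV2}: the integer status is converted; see {@link #negotiateWithV2}.</li>
     *   <li>{@code tai}: {@code validateEstablishedTrust} is called and, if it returns without
     *       throwing, the result is status 200 with the interceptor's user name.</li>
     * </ul>
     *
     * @param httpServletRequest the request being authenticated
     * @param httpServletResponse the response, passed through to the v2/v3 interceptors
     * @return the trust-association result; its status is also written to the exit trace
     * @throws WebTrustAssociationFailedException declared by the wrapped interceptors and by the
     *     Subject principal lookup
     * @throws WebTrustAssociationUserException declared by the wrapped interceptors
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public TAIResult negotiateAndValidateEstablishedTrust(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws WebTrustAssociationFailedException, WebTrustAssociationUserException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "negotiateAndValidateEstablishedTrust()");
        }
        TAIResult result;
        if (this.taiV3 != null) {
            result = this.taiV3.negotiateValidateandEstablishTrust(httpServletRequest, httpServletResponse);
        } else if (this.taiV2 != null) {
            result = negotiateWithV2(httpServletRequest, httpServletResponse);
        } else {
            // The legacy interface reports failure only by throwing, so reaching the next line means success.
            this.tai.validateEstablishedTrust(httpServletRequest);
            result = TAIResult.create(HttpServletResponse.SC_OK, this.tai.getAuthenticatedUsername(httpServletRequest));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "negotiateAndValidateEstablishedTrust(): status code = " + result.getStatus());
        }
        return result;
    }

    /**
     * Converts the status-code contract of {@link NegotiateTrustAssociationInterceptor} into a
     * {@link TAIResult}.
     *
     * <p>For any status other than 200 only the status is propagated. For 200, the user name is
     * taken from the interceptor's {@link Subject} when it has one; a null or blank name falls
     * back to {@code getAuthenticatedUsername}.
     *
     * <p>NOTE(review): if the fallback also returns null, a null name is handed to
     * {@code TAIResult.create} together with status 200. Whether {@code TAIResult} rejects that
     * combination is not visible in this file; verify.
     */
    private TAIResult negotiateWithV2(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws WebTrustAssociationFailedException, WebTrustAssociationUserException {
        int status = this.taiV2.negotiateAndValidateEstablishedTrust(httpServletRequest, httpServletResponse);
        if (status != HttpServletResponse.SC_OK) {
            return TAIResult.create(status);
        }
        Subject subject = this.taiV2.getSubject();
        if (subject == null) {
            return TAIResult.create(status, this.taiV2.getAuthenticatedUsername(httpServletRequest));
        }
        String username = getTAIUsernameFromSubjectPrincipal(subject);
        if (username != null) {
            username = username.trim();
            if (username.length() == 0) {
                username = null;
            }
        }
        if (username == null) {
            username = this.taiV2.getAuthenticatedUsername(httpServletRequest);
        }
        return TAIResult.create(status, username, subject);
    }

    /**
     * Asks the wrapped interceptor whether it wants to handle this request.
     *
     * @param httpServletRequest the incoming request
     * @return the wrapped interceptor's answer
     * @throws WebTrustAssociationException declared by the wrapped interceptors
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isTargetInterceptor(HttpServletRequest httpServletRequest) throws WebTrustAssociationException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isTargetInterceptor()");
        }
        boolean target;
        if (this.taiV3 != null) {
            target = this.taiV3.isTargetInterceptor(httpServletRequest);
        } else if (this.taiV2 != null) {
            target = this.taiV2.isTargetInterceptor(httpServletRequest);
        } else {
            target = this.tai.isTargetInterceptor(httpServletRequest);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isTargetInterceptor(): " + this.name + " returning " + target);
        }
        return target;
    }

    /**
     * Invokes the wrapped interceptor's {@code cleanup()} where one is available: always for
     * {@code taiV3}, and for {@code taiV2}/{@code tai} only when the instance also extends
     * {@link WebSphereBaseTrustAssociationInterceptor}. Otherwise nothing is called.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void cleanup() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "cleanup()");
        }
        boolean cleaned = false;
        if (this.taiV3 != null) {
            this.taiV3.cleanup();
            cleaned = true;
        } else {
            // At most one of taiV2 / tai is non-null; instanceof is false for null.
            Object legacy = this.taiV2 != null ? (Object) this.taiV2 : (Object) this.tai;
            if (legacy instanceof WebSphereBaseTrustAssociationInterceptor) {
                ((WebSphereBaseTrustAssociationInterceptor) legacy).cleanup();
                cleaned = true;
            }
        }
        if (cleaned && tc.isDebugEnabled()) {
            Tr.debug(tc, this.name + " is cleaned up");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "cleanup()");
        }
    }

    /**
     * Returns the display name chosen in the constructor (interceptor type or class name).
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public String getName() {
        return this.name;
    }

    /**
     * Stores the trimmed {@code str} as the name when it is non-blank; if no name is set
     * afterwards, falls back to the wrapped interceptor's class name.
     */
    private void setName(String str) {
        String trimmed = str == null ? "" : str.trim();
        if (trimmed.length() != 0) {
            this.name = trimmed;
        }
        if (this.name == null) {
            this.name = getClassName();
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Trust association class name: " + this.name);
        }
    }

    /**
     * Returns the class name of whichever interceptor field is set, or null if none is.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public String getClassName() {
        if (this.taiV3 != null) {
            return this.taiV3.getClass().getName();
        }
        if (this.taiV2 != null) {
            return this.taiV2.getClass().getName();
        }
        if (this.tai != null) {
            return this.tai.getClass().getName();
        }
        return null;
    }

    /**
     * Extracts the user name from the principals of a {@link Subject} supplied by a v2
     * interceptor, reading the principal set inside a privileged action.
     *
     * <p>Selection rules, as implemented below:
     * <ul>
     *   <li>no principals: returns null;</li>
     *   <li>exactly one principal: its name is used, whatever its concrete type;</li>
     *   <li>several principals: the name of the single {@link TAIPrincipal} is used; more than
     *       one {@code TAIPrincipal} is rejected with an exception; none logs
     *       {@code security.web.ta.invalidprincipal} and returns null.</li>
     * </ul>
     *
     * <p>A null return is not a failure for the caller in this file: it falls back to
     * {@code getAuthenticatedUsername}. The resolved name is written to the exit trace.
     *
     * @param subject the Subject to inspect; null yields null
     * @return the principal name, or null when none could be selected
     * @throws WebTrustAssociationFailedException if the Subject holds more than one
     *     {@code TAIPrincipal}
     */
    private String getTAIUsernameFromSubjectPrincipal(final Subject subject) throws WebTrustAssociationFailedException {
        if (tc.isEntryEnabled()) {
            // Method entry: the decompiled source emitted Tr.exit here, which unbalances the trace.
            Tr.entry(tc, "getTAIUsernameFromSubjectPrincipal");
        }
        String username = null;
        if (subject != null) {
            try {
                username = (String) AccessController.doPrivileged(new PrivilegedExceptionAction<String>() { // from class: com.ibm.ws.security.web.TAIWrapper.1
                    @Override // java.security.PrivilegedExceptionAction
                    public String run() throws WebTrustAssociationFailedException {
                        Set<Principal> principalSet = subject.getPrincipals();
                        // Kept as Object[]: toArray() returns Object[], which the decompiler mistyped as Principal[].
                        Object[] principals = principalSet.toArray();
                        if (principals.length == 0) {
                            return null;
                        }
                        if (principals.length == 1) {
                            // A lone principal is accepted regardless of its concrete type.
                            if (principals[0] instanceof Principal) {
                                return ((Principal) principals[0]).getName();
                            }
                            Tr.error(TAIWrapper.tc, "security.web.ta.invalidprincipal");
                            return null;
                        }
                        String taiName = null;
                        // Tracked separately from taiName so a TAIPrincipal with a null name
                        // still counts when rejecting an ambiguous Subject.
                        boolean taiPrincipalSeen = false;
                        for (Object candidate : principals) {
                            if (candidate instanceof TAIPrincipal) {
                                if (taiPrincipalSeen) {
                                    Tr.error(TAIWrapper.tc, "security.web.ta.invalidprincipal");
                                    throw new WebTrustAssociationFailedException("More than one com.ibm.wsspi.security.tai.TAIPrincipal in the Subject");
                                }
                                taiPrincipalSeen = true;
                                taiName = ((Principal) candidate).getName();
                            }
                        }
                        if (taiName == null) {
                            Tr.error(TAIWrapper.tc, "security.web.ta.invalidprincipal");
                        }
                        return taiName;
                    }
                });
            } catch (PrivilegedActionException e) {
                FFDCFilter.processException(e.getException(), "com.ibm.ws.security.web.TAIWrapper.getTAIUsernameFromSubjectPrincipal", "328", this);
                // run() declares only WebTrustAssociationFailedException, so that is the only checked cause.
                throw ((WebTrustAssociationFailedException) e.getException());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getTAIUsernameFromSubjectPrincipal: " + username);
        }
        return username;
    }
}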
