package com.ibm.ejs.j2c;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.j2c.SecurityHelper;
import com.ibm.ws.rsadapter.spi.InternalDataStoreHelper;
import com.ibm.ws.rsadapter.spi.WSManagedConnectionFactory;
import com.ibm.ws.security.auth.j2c.GenericCredentialImpl;
import com.ibm.ws.security.auth.j2c.WSDefaultPrincipalMapping;
import com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension;
import com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtensionFactory;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.util.AccessController;
import com.ibm.wsspi.security.auth.callback.Constants;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamField;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Set;
import javax.resource.ResourceException;
import javax.resource.spi.ConnectionRequestInfo;
import javax.resource.spi.ManagedConnectionFactory;
import javax.resource.spi.security.GenericCredential;
import javax.security.auth.Subject;

/* loaded from: input_file:lib/com.ibm.ws.runtime.jar:com/ibm/ejs/j2c/ThreadIdentitySecurityHelper.class */
public class ThreadIdentitySecurityHelper implements SecurityHelper {
    private static final long serialVersionUID = 8149240599418799687L;
    private ManagedConnectionFactory mcf;
    private MCFExtendedProperties mcfXProps;
    private transient WSLoginLocalOSExtension securityLoginExtension;
    private transient boolean m_SyncToThreadEnabled;
    private boolean m_AppSyncToThreadEnabled;
    private boolean m_ThreadSecurity;
    private String m_ThreadIdentitySupport;
    private boolean m_GlobalSecurityEnabled;
    private transient String nl;
    private static TraceComponent tc = Tr.register((Class<?>) ThreadIdentitySecurityHelper.class, J2CConstants.traceSpec, J2CConstants.messageFile);
    private static final ObjectStreamField[] serialPersistentFields = {new ObjectStreamField("mcf", ManagedConnectionFactory.class), new ObjectStreamField("mcfXProps", MCFExtendedProperties.class), new ObjectStreamField("m_AppSyncToThreadEnabled", Boolean.TYPE), new ObjectStreamField("m_ThreadSecurity", Boolean.TYPE), new ObjectStreamField("m_ThreadIdentitySupport", String.class), new ObjectStreamField("m_GlobalSecurityEnabled", Boolean.TYPE)};
    private transient PrivilegedExceptionAction getLocalOSInvocationSubject;

    /* renamed from: com.ibm.ejs.j2c.ThreadIdentitySecurityHelper$1SecurityData, reason: invalid class name */
    /* loaded from: input_file:lib/com.ibm.ws.runtime.jar:com/ibm/ejs/j2c/ThreadIdentitySecurityHelper$1SecurityData.class */
    class C1SecurityData {
        boolean syncToThreadEnabled;
        boolean appSyncToThreadEnabled;
        boolean globalSecurityEnabled;
        WSLoginLocalOSExtension secLoginExtension;

        C1SecurityData() {
        }

        public boolean getGlobalSecurityEnabled() {
            return this.globalSecurityEnabled;
        }

        public WSLoginLocalOSExtension getSecurityLoginExtension() {
            return this.secLoginExtension;
        }

        public boolean getSyncToThreadEnabled() {
            return this.syncToThreadEnabled;
        }

        public boolean getAppSyncToThreadEnabled() {
            return this.appSyncToThreadEnabled;
        }

        public void setGlobalSecurityEnabled(boolean z) {
            this.globalSecurityEnabled = z;
        }

        public void setSecurityLoginExtension(WSLoginLocalOSExtension wSLoginLocalOSExtension) {
            this.secLoginExtension = wSLoginLocalOSExtension;
        }

        public void setSyncToThreadEnabled(boolean z) {
            this.syncToThreadEnabled = z;
        }

        public void setAppSyncToThreadEnabled(boolean z) {
            this.appSyncToThreadEnabled = z;
        }
    }

    public ThreadIdentitySecurityHelper() {
        this.mcf = null;
        this.mcfXProps = null;
        this.m_ThreadIdentitySupport = null;
        this.m_GlobalSecurityEnabled = false;
        this.nl = null;
        this.getLocalOSInvocationSubject = new PrivilegedExceptionAction() { // from class: com.ibm.ejs.j2c.ThreadIdentitySecurityHelper.1
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                return ThreadIdentitySecurityHelper.this.securityLoginExtension.getLocalOSInvocationSubject();
            }
        };
    }

    private void writeObject(ObjectOutputStream objectOutputStream) throws IOException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "writeObject unexpected");
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Throwable th = new Throwable();
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("       ThreadIdentitySecurityHelper unexpected deserialization stack trace information:" + this.nl);
            StackTraceElement[] stackTrace = th.getStackTrace();
            for (int i = 3; i < stackTrace.length; i++) {
                stringBuffer.append("          " + stackTrace[i].toString() + this.nl);
            }
            stringBuffer.append(this.nl);
        }
        ObjectOutputStream.PutField putFields = objectOutputStream.putFields();
        putFields.put("mcf", this.mcf);
        putFields.put("mcfXProps", this.mcfXProps);
        putFields.put("m_AppSyncToThreadEnabled", this.m_AppSyncToThreadEnabled);
        putFields.put("m_ThreadSecurity", this.m_ThreadSecurity);
        putFields.put("m_ThreadIdentitySupport", this.m_ThreadIdentitySupport);
        putFields.put("m_GlobalSecurityEnabled", this.m_GlobalSecurityEnabled);
        objectOutputStream.writeFields();
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "writeObject");
        }
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "readObject unexpected", objectInputStream);
        }
        ObjectInputStream.GetField readFields = objectInputStream.readFields();
        if (tc.isDebugEnabled()) {
            for (int i = 0; i < serialPersistentFields.length; i++) {
                String name = serialPersistentFields[i].getName();
                if (readFields.defaulted(name)) {
                    Tr.warning(tc, "DESERIALIZATION_FIELD_NOT_FOUND_J2CA0278", new Object[]{name, "com.ibm.ejs.j2c.ThreadIdentitySecurityHelper"});
                }
            }
        }
        this.mcf = (ManagedConnectionFactory) readFields.get("mcf", (Object) null);
        this.mcfXProps = (MCFExtendedProperties) readFields.get("mcfXProps", (Object) null);
        this.m_AppSyncToThreadEnabled = readFields.get("m_AppSyncToThreadEnabled", false);
        this.m_ThreadSecurity = readFields.get("m_ThreadSecurity", false);
        this.m_ThreadIdentitySupport = (String) readFields.get("m_ThreadIdentitySupport", (Object) null);
        this.m_GlobalSecurityEnabled = readFields.get("m_GlobalSecurityEnabled", false);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "readObject", new Object[]{this.mcf, this.mcfXProps, Boolean.valueOf(this.m_AppSyncToThreadEnabled), Boolean.valueOf(this.m_ThreadSecurity), this.m_ThreadIdentitySupport, Boolean.valueOf(this.m_GlobalSecurityEnabled)});
        }
    }

    public ThreadIdentitySecurityHelper(ManagedConnectionFactory managedConnectionFactory, MCFExtendedProperties mCFExtendedProperties) throws ResourceException {
        this.mcf = null;
        this.mcfXProps = null;
        this.m_ThreadIdentitySupport = null;
        this.m_GlobalSecurityEnabled = false;
        this.nl = null;
        this.getLocalOSInvocationSubject = new PrivilegedExceptionAction() { // from class: com.ibm.ejs.j2c.ThreadIdentitySecurityHelper.1
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                return ThreadIdentitySecurityHelper.this.securityLoginExtension.getLocalOSInvocationSubject();
            }
        };
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "ThreadIdentitySecurityHelper<init>:", new Object[]{this, managedConnectionFactory, mCFExtendedProperties});
        }
        if (this.nl == null) {
            this.nl = ConnectorRuntime.nl;
        }
        this.mcf = managedConnectionFactory;
        this.mcfXProps = mCFExtendedProperties;
        this.m_ThreadIdentitySupport = mCFExtendedProperties.getThreadIdentitySupport();
        this.m_ThreadSecurity = mCFExtendedProperties.getThreadSecurity().booleanValue();
        try {
            if (System.getSecurityManager() != null) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "ThreadIdentitySecurityHelper<init>: java2 security is enabled");
                }
                C1SecurityData c1SecurityData = (C1SecurityData) AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ejs.j2c.ThreadIdentitySecurityHelper.2
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        C1SecurityData c1SecurityData2 = new C1SecurityData();
                        ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
                        WSLoginLocalOSExtension wSLoginLocalOSExtensionFactory = WSLoginLocalOSExtensionFactory.getInstance();
                        c1SecurityData2.setSecurityLoginExtension(wSLoginLocalOSExtensionFactory);
                        c1SecurityData2.setGlobalSecurityEnabled(contextManagerFactory.isServerSecurityEnabled());
                        c1SecurityData2.setSyncToThreadEnabled(wSLoginLocalOSExtensionFactory.isSyncToThreadEnabled());
                        c1SecurityData2.setAppSyncToThreadEnabled(wSLoginLocalOSExtensionFactory.isApplicationSyncToOSThreadEnabled());
                        return c1SecurityData2;
                    }
                });
                this.m_AppSyncToThreadEnabled = c1SecurityData.getAppSyncToThreadEnabled();
                this.m_SyncToThreadEnabled = c1SecurityData.getSyncToThreadEnabled();
                this.m_GlobalSecurityEnabled = c1SecurityData.getGlobalSecurityEnabled();
                this.securityLoginExtension = c1SecurityData.getSecurityLoginExtension();
            } else {
                this.securityLoginExtension = WSLoginLocalOSExtensionFactory.getInstance();
                this.m_SyncToThreadEnabled = this.securityLoginExtension.isSyncToThreadEnabled();
                this.m_AppSyncToThreadEnabled = this.securityLoginExtension.isApplicationSyncToOSThreadEnabled();
                this.m_GlobalSecurityEnabled = ContextManagerFactory.getInstance().isServerSecurityEnabled();
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "ThreadIdentitySecurityHelper<init>");
            }
        } catch (PrivilegedActionException e) {
            FFDCFilter.processException(e, "com.ibm.ejs.j2c.ThreadIdentitySecurityHelper.ThreadIdentitySecurityHelper", "826", this);
            Tr.error(tc, "FAILED_DOPRIVILEGED_J2CA0060", e);
            Exception exception = e.getException();
            ResourceException resourceException = new ResourceException("ThreadIdentitySecurityHelper.constructor faile attempting to get the WSLoginLocalOSExtension from security.");
            resourceException.initCause(exception);
            throw resourceException;
        }
    }

    @Override // com.ibm.ws.j2c.SecurityHelper
    public Subject finalizeSubject(Subject subject, ConnectionRequestInfo connectionRequestInfo, CMConfigData cMConfigData) throws ResourceException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "finalizeSubject", new Object[]{this, getSubjectString(subject), connectionRequestInfo});
        }
        Subject subject2 = subject;
        if (subject != null) {
            if (this.m_ThreadIdentitySupport.equals(InternalDataStoreHelper.THREAD_IDENTITY_SUPPORT_ALLOWED)) {
                String aliasToFinalize = getAliasToFinalize(cMConfigData);
                if (aliasToFinalize == null || aliasToFinalize.equals("")) {
                    try {
                        subject2 = System.getSecurityManager() != null ? (Subject) AccessController.doPrivileged(this.getLocalOSInvocationSubject) : this.securityLoginExtension.getLocalOSInvocationSubject();
                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                            Tr.debug(tc, "finalizeSubject(): No user identity was specifed. User identity has been defaulted to current thread identity");
                        }
                    } catch (IllegalStateException e) {
                        FFDCFilter.processException(e, "com.ibm.ejs.j2c.ThreadIdentitySecurityHelper.finalizeSubject", "826", this);
                        Tr.error(tc, "ILLEGAL_STATE_EXCEPTION_J2CA0079", new Object[]{"ThreadIdentitySecurityHelper.finalizeSubject()", e});
                        ResourceException resourceException = new ResourceException("ThreadIdentitySecurityHelper.finalizeSubject() failed attempting to get local OS invocation subject");
                        resourceException.initCause(e);
                        throw resourceException;
                    } catch (PrivilegedActionException e2) {
                        FFDCFilter.processException(e2, "com.ibm.ejs.j2c.ThreadIdentitySecurityHelper.finalizeSubject", "826", this);
                        Tr.error(tc, "FAILED_DOPRIVILEGED_J2CA0060", e2);
                        Exception exception = e2.getException();
                        ResourceException resourceException2 = new ResourceException("ThreadIdentitySecurityHelper.finalizeSubject() failed attempting to get local OS invocation subject");
                        resourceException2.initCause(exception);
                        throw resourceException2;
                    }
                }
            } else if (this.m_ThreadIdentitySupport.equals("REQUIRED")) {
                try {
                    subject2 = System.getSecurityManager() != null ? (Subject) AccessController.doPrivileged(this.getLocalOSInvocationSubject) : this.securityLoginExtension.getLocalOSInvocationSubject();
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "finalizeSubject(): Connector REQUIRED specified user identity to be overridden by the current thread identity");
                    }
                } catch (IllegalStateException e3) {
                    FFDCFilter.processException(e3, "com.ibm.ejs.j2c.ThreadIdentitySecurityHelper.finalizeSubject", "826", this);
                    Tr.error(tc, "ILLEGAL_STATE_EXCEPTION_J2CA0079", new Object[]{"ThreadIdentitySecurityHelper.finalizeSubject()", e3});
                    ResourceException resourceException3 = new ResourceException("ThreadIdentitySecurityHelper.finalizeSubject() failed attempting to get local OS invocation subject");
                    resourceException3.initCause(e3);
                    throw resourceException3;
                } catch (PrivilegedActionException e4) {
                    FFDCFilter.processException(e4, "com.ibm.ejs.j2c.ThreadIdentitySecurityHelper.finalizeSubject", "826", this);
                    Tr.error(tc, "FAILED_DOPRIVILEGED_J2CA0060", e4);
                    Exception exception2 = e4.getException();
                    ResourceException resourceException4 = new ResourceException("ThreadIdentitySecurityHelper.finalizeSubject() failed attempting to get local OS invocation subject");
                    resourceException4.initCause(exception2);
                    throw resourceException4;
                }
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "finalizeSubject", new Object[]{getSubjectString(subject2)});
        }
        return subject2;
    }

    @Override // com.ibm.ws.j2c.SecurityHelper
    public void finalizeCriForRRA(Subject subject, ConnectionRequestInfo connectionRequestInfo, ManagedConnectionFactory managedConnectionFactory) throws ResourceException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "finalizeCriForRRA");
        }
        if (subject != null) {
            ((WSManagedConnectionFactory) managedConnectionFactory).finalizeCriForRRA(subject, connectionRequestInfo);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "finalizeCriForRRA");
        }
    }

    @Override // com.ibm.ws.j2c.SecurityHelper
    public Object beforeGettingConnection(final Subject subject, ConnectionRequestInfo connectionRequestInfo) throws ResourceException {
        Set privateCredentials;
        GenericCredential genericCredential;
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "beforeGettingConnection", new Object[]{this, getSubjectString(subject), connectionRequestInfo});
        }
        Object obj = null;
        if (this.m_GlobalSecurityEnabled) {
            if (this.m_ThreadIdentitySupport.equals(InternalDataStoreHelper.THREAD_IDENTITY_SUPPORT_ALLOWED) || this.m_ThreadIdentitySupport.equals("REQUIRED")) {
                if (subject != null) {
                    if (System.getSecurityManager() != null) {
                        try {
                            privateCredentials = (Set) AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ejs.j2c.ThreadIdentitySecurityHelper.3
                                @Override // java.security.PrivilegedExceptionAction
                                public Object run() throws Exception {
                                    return subject.getPrivateCredentials(GenericCredential.class);
                                }
                            });
                        } catch (PrivilegedActionException e) {
                            FFDCFilter.processException(e, "com.ibm.ejs.j2c.ThreadIdentitySecurityHelper.beforeGettingConnection", "826", this);
                            Tr.error(tc, "FAILED_DOPRIVILEGED_J2CA0060", e);
                            Exception exception = e.getException();
                            ResourceException resourceException = new ResourceException("ThreadIdentitySecurityHelper failed attempting to access Subject's credentials");
                            resourceException.initCause(exception);
                            throw resourceException;
                        }
                    } else {
                        privateCredentials = subject.getPrivateCredentials(GenericCredential.class);
                    }
                    final Iterator it = privateCredentials.iterator();
                    PrivilegedExceptionAction privilegedExceptionAction = new PrivilegedExceptionAction() { // from class: com.ibm.ejs.j2c.ThreadIdentitySecurityHelper.4
                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws Exception {
                            return it.next();
                        }
                    };
                    boolean z = false;
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        if (System.getSecurityManager() != null) {
                            try {
                                genericCredential = (GenericCredential) AccessController.doPrivileged(privilegedExceptionAction);
                            } catch (PrivilegedActionException e2) {
                                FFDCFilter.processException(e2, "com.ibm.ejs.j2c.ThreadIdentitySecurityHelper.beforeGettingConnection", "826", this);
                                Tr.error(tc, "FAILED_DOPRIVILEGED_J2CA0060", e2);
                                Exception exception2 = e2.getException();
                                ResourceException resourceException2 = new ResourceException("ThreadIdentitySecurityHelper.beforeGettingConnection() failed attempting to access Subject's credentials");
                                resourceException2.initCause(exception2);
                                throw resourceException2;
                            }
                        } else {
                            genericCredential = (GenericCredential) it.next();
                        }
                        if (genericCredential.getMechType().equals(GenericCredentialImpl.secMechUToken)) {
                            z = true;
                            break;
                        }
                    }
                    if (z) {
                        if (this.m_ThreadSecurity) {
                            if (this.m_SyncToThreadEnabled) {
                                try {
                                    obj = System.getSecurityManager() != null ? AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ejs.j2c.ThreadIdentitySecurityHelper.5
                                        @Override // java.security.PrivilegedExceptionAction
                                        public Object run() throws Exception {
                                            return ThreadIdentitySecurityHelper.this.securityLoginExtension.setLocalOSThreadID(subject);
                                        }
                                    }) : this.securityLoginExtension.setLocalOSThreadID(subject);
                                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                        Tr.debug(tc, "beforeGettingConnection() pushed the user identity associated with the thread to the OS Thread:  ", new Object[]{getSubjectString(subject)});
                                    }
                                } catch (IllegalStateException e3) {
                                    FFDCFilter.processException(e3, "com.ibm.ejs.j2c.ThreadIdentitySecurityHelper.beforeGettingConnection", "826", this);
                                    Tr.error(tc, "ILLEGAL_STATE_EXCEPTION_J2CA0079", new Object[]{"ThreadIdentitySecurityHelper.beforeGettingConnection()", e3});
                                    ResourceException resourceException3 = new ResourceException("ThreadIdentitySecurityHelper.beforeGettingConnection() failed attempting to push the current user identity to the OS Thread");
                                    resourceException3.initCause(e3);
                                    throw resourceException3;
                                } catch (PrivilegedActionException e4) {
                                    FFDCFilter.processException(e4, "com.ibm.ejs.j2c.ThreadIdentitySecurityHelper.beforeGettingConnection", "826", this);
                                    Tr.error(tc, "FAILED_DOPRIVILEGED_J2CA0060", e4);
                                    Exception exception3 = e4.getException();
                                    ResourceException resourceException4 = new ResourceException("ThreadIdentitySecurityHelper.beforeGettingConnection() failed attempting to push the current user identity to the OS Thread");
                                    resourceException4.initCause(exception3);
                                    throw resourceException4;
                                }
                            } else {
                                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                    Tr.debug(tc, "beforeGettingConnection() could not push user identity associated with the thread to the OS Thread  because server was not enabled for SyncToThread.");
                                }
                                if (this.m_AppSyncToThreadEnabled) {
                                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                        Tr.debug(tc, "beforeGettingConnection() pushing server identity to the OS Thread because Application SyncToThread is enabled.");
                                    }
                                    obj = synchServerSubjectToThread(false);
                                }
                            }
                        }
                    } else {
                        if (this.m_ThreadIdentitySupport.equals("REQUIRED")) {
                            try {
                                IllegalStateException illegalStateException = new IllegalStateException("ThreadIdentitySecurityHelper.beforeGettingConnection() detected Subject not setup for using thread identity, but the connector requires thread identity be used.");
                                Tr.error(tc, "ILLEGAL_STATE_EXCEPTION_J2CA0079", new Object[]{"ThreadIdentitySecurityHelper.beforeGettingConnection()", illegalStateException});
                                throw illegalStateException;
                            } catch (IllegalStateException e5) {
                                ResourceException resourceException5 = new ResourceException("ThreadIdentitySecurityHelper.beforeGettingConnection() detected Subject with illegal state");
                                resourceException5.initCause(e5);
                                throw resourceException5;
                            }
                        }
                        if (!subject.getPrivateCredentials().iterator().hasNext()) {
                            try {
                                IllegalStateException illegalStateException2 = new IllegalStateException("ThreadIdentitySecurityHelper.beforeGettingConnection() detected Subject with no credentials.");
                                Tr.error(tc, "ILLEGAL_STATE_EXCEPTION_J2CA0079", new Object[]{"ThreadIdentitySecurityHelper.beforeGettingConnection()", illegalStateException2});
                                throw illegalStateException2;
                            } catch (IllegalStateException e6) {
                                ResourceException resourceException6 = new ResourceException("ThreadIdentitySecurityHelper.beforeGettingConnection() detected Subject with illegal state");
                                resourceException6.initCause(e6);
                                throw resourceException6;
                            }
                        }
                    }
                } else if (this.m_ThreadSecurity && (this.m_SyncToThreadEnabled || this.m_AppSyncToThreadEnabled)) {
                    obj = synchServerSubjectToThread(true);
                }
            }
        } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "beforeGettingConnection() processing skipped. Security not enabled.");
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "beforeGettingConnection", new Object[]{obj});
        }
        return obj;
    }

    @Override // com.ibm.ws.j2c.SecurityHelper
    public void afterGettingConnection(Subject subject, ConnectionRequestInfo connectionRequestInfo, final Object obj) throws ResourceException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "afterGettingConnection", new Object[]{this, getSubjectString(subject), connectionRequestInfo, obj});
        }
        if (obj != null) {
            try {
                if (System.getSecurityManager() != null) {
                    AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ejs.j2c.ThreadIdentitySecurityHelper.6
                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws Exception {
                            ThreadIdentitySecurityHelper.this.securityLoginExtension.restoreLocalOSThreadID(obj);
                            return null;
                        }
                    });
                } else {
                    this.securityLoginExtension.restoreLocalOSThreadID(obj);
                }
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "afterGettingConnection() restored OS thread identity");
                }
            } catch (IllegalStateException e) {
                FFDCFilter.processException(e, "com.ibm.ejs.j2c.ThreadIdentitySecurityHelper.afterGettingConnection", "826", this);
                Tr.error(tc, "ILLEGAL_STATE_EXCEPTION_J2CA0079", new Object[]{"ThreadIdentitySecurityHelper.afterGettingConnection()", e});
                ResourceException resourceException = new ResourceException("ThreadIdentitySecurityHelper.afterGettingConnection() failed attempting to restore user identity to the OS Thread");
                resourceException.initCause(e);
                throw resourceException;
            } catch (PrivilegedActionException e2) {
                FFDCFilter.processException(e2, "com.ibm.ejs.j2c.ThreadIdentitySecurityHelper.afterGettingConnection", "826", this);
                Tr.error(tc, "FAILED_DOPRIVILEGED_J2CA0060", e2);
                Exception exception = e2.getException();
                ResourceException resourceException2 = new ResourceException("ThreadIdentitySecurityHelper.afterGettingConnection() failed attempting to restore user identity to the OS Thread");
                resourceException2.initCause(exception);
                throw resourceException2;
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "afterGettingConnection");
        }
    }

    private Object synchServerSubjectToThread(final boolean z) throws ResourceException {
        Object localOSThreadID;
        try {
            if (System.getSecurityManager() != null) {
                localOSThreadID = AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ejs.j2c.ThreadIdentitySecurityHelper.7
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        Subject localOSServerSubject = z ? ThreadIdentitySecurityHelper.this.securityLoginExtension.getLocalOSServerSubject() : ThreadIdentitySecurityHelper.this.securityLoginExtension.getLocalOSOwnSubject();
                        Object localOSThreadID2 = ThreadIdentitySecurityHelper.this.securityLoginExtension.setLocalOSThreadID(localOSServerSubject);
                        if (TraceComponent.isAnyTracingEnabled() && ThreadIdentitySecurityHelper.tc.isDebugEnabled()) {
                            Tr.debug(ThreadIdentitySecurityHelper.tc, "beforeGettingConnection() pushed Server Identity to the OS Thread:  ", new Object[]{ThreadIdentitySecurityHelper.this.getSubjectString(localOSServerSubject)});
                        }
                        return localOSThreadID2;
                    }
                });
            } else {
                Subject localOSServerSubject = z ? this.securityLoginExtension.getLocalOSServerSubject() : this.securityLoginExtension.getLocalOSOwnSubject();
                localOSThreadID = this.securityLoginExtension.setLocalOSThreadID(localOSServerSubject);
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "beforeGettingConnection() pushed Server Identity to the OS Thread:  ", new Object[]{getSubjectString(localOSServerSubject)});
                }
            }
            return localOSThreadID;
        } catch (IllegalStateException e) {
            FFDCFilter.processException(e, "com.ibm.ejs.j2c.ThreadIdentitySecurityHelper.synchServerSubjectToThread", "826", this);
            Tr.error(tc, "ILLEGAL_STATE_EXCEPTION_J2CA0079", new Object[]{"ThreadIdentitySecurityHelper.beforeGettingConnection()", e});
            ResourceException resourceException = new ResourceException("ThreadIdentitySecurityHelper.beforeGettingConnection() failed attempting to push the server identity to the OS Thread");
            resourceException.initCause(e);
            throw resourceException;
        } catch (PrivilegedActionException e2) {
            FFDCFilter.processException(e2, "com.ibm.ejs.j2c.ThreadIdentitySecurityHelper.synchServerSubjectToThread", "826", this);
            Tr.error(tc, "FAILED_DOPRIVILEGED_J2CA0060", e2);
            Exception exception = e2.getException();
            ResourceException resourceException2 = new ResourceException("ThreadIdentitySecurityHelper.beforeGettingConnection() failed attempting to push the server identity to the OS Thread");
            resourceException2.initCause(exception);
            throw resourceException2;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String getSubjectString(final Subject subject) {
        String str = null;
        if (subject != null) {
            if (System.getSecurityManager() != null) {
                try {
                    str = (String) AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ejs.j2c.ThreadIdentitySecurityHelper.8
                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws Exception {
                            return subject.toString();
                        }
                    });
                } catch (PrivilegedActionException e) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception received in getSubjectString:", e);
                    }
                    str = "Subject cannot be traced due to a PrivilegedActionException";
                }
            } else {
                str = subject.toString();
            }
        }
        return str;
    }

    private String getAliasToFinalize(CMConfigData cMConfigData) {
        HashMap loginConfigProperties;
        String str = null;
        if (cMConfigData == null) {
            return null;
        }
        String loginConfigurationName = cMConfigData.getLoginConfigurationName();
        if (loginConfigurationName != null && !loginConfigurationName.equals("") && loginConfigurationName.equals(WSDefaultPrincipalMapping.DEFAULT_PRINCIPAL_MAPPING) && (loginConfigProperties = cMConfigData.getLoginConfigProperties()) != null && !loginConfigProperties.isEmpty()) {
            str = (String) loginConfigProperties.get(Constants.MAPPING_ALIAS);
        }
        if (str == null) {
            str = cMConfigData.getContainerAlias();
        }
        return str;
    }
}
