package com.ibm.ws.security.spnego;

import com.ibm.websphere.security.WebTrustAssociationException;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.sib.mfp.mqinterop.CMQC;
import com.ibm.ws.sib.mqfapchannel.impl.MQFapConstants;
import com.ibm.wsspi.security.spnego.SpnegoTAIFilter;
import com.ibm.wsspi.security.tai.TAIResult;
import com.ibm.wsspi.security.tai.TrustAssociationInterceptor;
import java.net.UnknownHostException;
import java.util.HashMap;
import java.util.Locale;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:lib/com.ibm.ws.runtime.jar:com/ibm/ws/security/spnego/TrustAssociationInterceptorImpl.class */
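/**
 * Trust association interceptor (TAI) that hands SPNEGO negotiation to {@link SpnegoHandler}.
 *
 * <p>Instances are cached per security domain (the key is {@code SecurityConfig.getDomain()}),
 * and the last successfully applied configuration properties are cached the same way. Both
 * caches are static and are guarded by the class monitor.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The host (and optionally port) used to select server credentials comes from the
 *       request, i.e. it is client-influenced; a request is only claimed when
 *       {@code ServerCredentialsFactory} reports credentials for that name.</li>
 *   <li>Any {@code Throwable} raised during negotiation is converted into a
 *       {@link TAIResult} carrying an error status instead of propagating.</li>
 *   <li>FINER tracing writes the configuration properties, the authenticated principal and
 *       the Subject to the log; trace output should be access-controlled accordingly.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code config} is written under the instance lock in
 * {@link #initialize(Properties)} but read without synchronization by the request-path
 * methods; confirm that the container guarantees initialization happens-before request
 * handling.
 */
public class TrustAssociationInterceptorImpl implements TrustAssociationInterceptor {
    private static final String VERSION = "Version 6.1.0";
    // Active SPNEGO configuration; null until initialize() or setConfiguration() has run.
    private AllServerConfigs config;
    private static final String ME = TrustAssociationInterceptorImpl.class.getName();
    private static final Logger logger = Logger.getLogger(ME, Constants.MSGS_BUNDLE);
    // Both maps stay plain HashMaps (the domain key may be null, which HashMap permits) and
    // must only be touched while holding the class monitor.
    private static final HashMap<String, TrustAssociationInterceptorImpl> _cache = new HashMap<>();
    private static final HashMap<String, Properties> _propertiesCache = new HashMap<>();

    /**
     * Returns the interceptor for the security domain of the current security configuration.
     *
     * @return the cached interceptor for that domain, created on first use
     */
    public static synchronized TrustAssociationInterceptorImpl getInstance() {
        return getInstance(SecurityObjectLocator.getSecurityConfig());
    }

    /**
     * Returns the interceptor cached for the domain of {@code securityConfig}, creating and
     * caching a new, not yet initialized one when none is present.
     *
     * @param securityConfig configuration whose domain selects the cache entry
     * @return the interceptor for that domain; its configuration may still be unset
     */
    public static synchronized TrustAssociationInterceptorImpl getInstance(SecurityConfig securityConfig) {
        String domain = securityConfig.getDomain();
        if (logger.isLoggable(Level.FINER)) {
            // NOTE(review): the method-name argument is a constant from an unrelated package,
            // presumably a decompiler substitution for the literal method name - confirm.
            logger.entering(ME, MQFapConstants.JFAP_CHANNELFW_GETINSTANCE, "domainID: " + domain);
        }
        TrustAssociationInterceptorImpl cached = _cache.get(domain);
        if (cached != null) {
            return cached;
        }
        TrustAssociationInterceptorImpl created = new TrustAssociationInterceptorImpl();
        _cache.put(domain, created);
        return created;
    }

    /**
     * Replaces the interceptor cached for the domain of {@code securityConfig}.
     *
     * <p>Synchronized on the class so that it uses the same lock as the {@code getInstance}
     * methods; the backing map is a plain {@code HashMap} and is not safe for unguarded
     * concurrent writes. No validation is applied to the supplied interceptor, so callers
     * are fully trusted.
     *
     * @param trustAssociationInterceptorImpl interceptor to register; a null value makes the
     *        next {@code getInstance} call create a fresh instance
     * @param securityConfig configuration whose domain selects the cache entry
     */
    public static synchronized void setInstance(TrustAssociationInterceptorImpl trustAssociationInterceptorImpl, SecurityConfig securityConfig) {
        _cache.put(securityConfig.getDomain(), trustAssociationInterceptorImpl);
    }

    /**
     * Runs the SPNEGO exchange for the request and returns its outcome.
     *
     * <p>Every {@code Throwable} from the handler is recorded through FFDC, logged at SEVERE
     * and replaced by an error {@link TAIResult}, so a failure inside the handler never
     * surfaces as an exception to the caller.
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse response the handler may write the negotiation reply to
     * @return the handler's result, or an error result when the handler threw
     * @throws WebTrustAssociationFailedException declared by the interface; the visible code
     *         only lets it escape from the fallback {@code TAIResult.create} call
     */
    @Override
    public TAIResult negotiateValidateandEstablishTrust(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws WebTrustAssociationFailedException {
        TAIResult result;
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "negotiateValidateandEstablishTrust");
        }
        try {
            result = SpnegoHandler.handleRequest(httpServletRequest, httpServletResponse, this.config);
        } catch (Throwable th) {
            // Catching Throwable also absorbs Errors (e.g. OutOfMemoryError); the intent
            // appears to be that no failure can skip the error result below.
            FFDCFilter.processException(th, "com.ibm.ws.security.spnego.TrustAssociationInterceptorImpl.negotiateValidateandEstablishTrust", "134", this);
            logger.logp(Level.SEVERE, ME, "negotiateValidateandEstablishTrust", "security.spnego.unexpected.exception", new Object[]{th});
            // NOTE(review): this status comes from an unrelated MQ constants class, presumably
            // a decompiler substitution for a numeric HTTP error status. Confirm the value is
            // a non-200 rejection status and replace it with the matching
            // HttpServletResponse.SC_* constant.
            result = TAIResult.create(CMQC.MQFB_CICS_BRIDGE_FAILURE);
        }
        if (result != null && result.getStatus() == 200 && logger.isLoggable(Level.FINER)) {
            // NOTE(review): this writes the principal and the Subject's string form to the
            // trace log; depending on the Subject contents that may include credential
            // details - confirm trace files are access-controlled, or log the principal only.
            logger.logp(Level.FINER, ME, "negotiateValidateandEstablishTrust", "Authenticated user: " + result.getAuthenticatedPrincipal() + " Subject: " + result.getSubject());
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(ME, "negotiateValidateandEstablishTrust", result);
        }
        return result;
    }

    /**
     * Decides whether this interceptor should handle the request.
     *
     * <p>The request is claimed only when the TAI is enabled, server credentials exist for
     * the canonical form of the request's server name (with {@code :port} appended when the
     * configuration asks for it and the port is not 80), a server configuration exists for
     * that name, and the configured filter, if any, accepts the request. When no filter
     * class is configured every request for a matching host is accepted.
     *
     * <p>The server name is taken from the request and is therefore client-influenced
     * (typically the Host header); it is also written to the FINER trace.
     *
     * @param httpServletRequest incoming request
     * @return {@code true} when this interceptor should process the request; {@code false}
     *         otherwise, including when the interceptor has no configuration yet or the
     *         hostname cannot be resolved
     * @throws WebTrustAssociationException declared by the interface; not thrown by the
     *         visible code
     */
    @Override
    public boolean isTargetInterceptor(HttpServletRequest httpServletRequest) throws WebTrustAssociationException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "isTargetInterceptor");
        }
        if (this.config == null) {
            // getInstance() hands out instances before initialize() has run; decline the
            // request instead of failing with a NullPointerException on the request path.
            if (logger.isLoggable(Level.FINER)) {
                logger.exiting(ME, "isTargetInterceptor: TrustAssociationInterceptorImpl is not initialized");
            }
            return false;
        }
        if (!this.config.isTAIEnabled()) {
            if (logger.isLoggable(Level.FINER)) {
                logger.exiting(ME, "isTargetInterceptor: TrustAssociationInterceptorImpl is not enabled");
            }
            return false;
        }
        try {
            // getCanonicalHostname can throw UnknownHostException, which suggests a name
            // lookup on a request-supplied value - presumably DNS; confirm.
            String canonicalHostname = this.config.getCanonicalHostname(httpServletRequest.getServerName());
            if (this.config.isIncludePortInSPN()) {
                int port = httpServletRequest.getServerPort();
                // Only port 80 is treated as implicit; any other port is appended.
                if (port != 80) {
                    canonicalHostname = canonicalHostname + ":" + port;
                }
            }
            if (logger.isLoggable(Level.FINER)) {
                logger.logp(Level.FINER, ME, "isTargetInterceptor", "Checking host match for " + canonicalHostname);
            }
            if (this.config.isReloadEnabled() && this.config.isItTimeToReload()) {
                this.config.reload();
            }
            if (!ServerCredentialsFactory.hasServerCredentialsFor(canonicalHostname)) {
                if (logger.isLoggable(Level.FINER)) {
                    logger.exiting(ME, "isTargetInterceptor: no credentials match");
                }
                return false;
            }
            boolean accepted = false;
            ServerConfig serverConfig = this.config.getServerConfig(canonicalHostname);
            if (serverConfig != null) {
                if (logger.isLoggable(Level.FINER)) {
                    logger.logp(Level.FINER, ME, "isTargetInterceptor", "Got a match for the server config");
                }
                SpnegoTAIFilter filterClass = serverConfig.getFilterClass();
                // A missing filter means "accept everything" for this host.
                accepted = filterClass == null || filterClass.isAccepted(httpServletRequest);
            } else if (logger.isLoggable(Level.FINER)) {
                logger.logp(Level.FINER, ME, "isTargetInterceptor", "Failed to get a match for the server config");
            }
            if (logger.isLoggable(Level.FINER)) {
                logger.exiting(ME, "isTargetInterceptor: " + accepted);
            }
            return accepted;
        } catch (UnknownHostException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.spnego.TrustAssociationInterceptorImpl.isTargetInterceptor", "198");
            if (logger.isLoggable(Level.FINER)) {
                logger.exiting(ME, "isTargetInterceptor: Hostname not resolved");
            }
            return false;
        }
    }

    /**
     * Builds the configuration from {@code properties} and initializes the server
     * credentials, unless the same properties were already applied for the current domain.
     *
     * <p>Side effects: when the system property {@code com.ibm.ws.security.spnego.LocaleFix}
     * is {@code true} and the JVM default locale is not en_US, the default locale is changed
     * for the whole JVM. On success the properties cache is cleared for all domains before
     * the current domain's entry is stored.
     *
     * <p>The properties are written to the FINER trace and, on a credential initialization
     * failure, to the SEVERE message.
     * NOTE(review): confirm these properties never carry secrets.
     *
     * <p>NOTE(review): {@code config} is replaced before the server credentials are
     * initialized, so after a failure in that step the instance keeps the new configuration
     * while 1 is returned; confirm callers discard the interceptor in that case.
     *
     * @param properties TAI configuration properties
     * @return 0 on success or when the cached properties equal {@code properties};
     *         1 when a {@code TAIConfigurationException} was raised
     */
    @Override
    public synchronized int initialize(Properties properties) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "initialize");
        }
        String domain = SecurityObjectLocator.getSecurityConfig().getDomain();
        Properties cachedProperties;
        // The cache is static while this method only holds the instance lock, so interceptors
        // of different domains could otherwise touch the map concurrently. Lock order is
        // instance monitor, then class monitor; nothing in this class takes them in reverse.
        synchronized (TrustAssociationInterceptorImpl.class) {
            cachedProperties = _propertiesCache.get(domain);
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.logp(Level.FINER, ME, "initialize", "properties: " + properties);
            logger.logp(Level.FINER, ME, "initialize", "propsCache: " + cachedProperties);
        }
        if (cachedProperties != null && cachedProperties.equals(properties)) {
            if (logger.isLoggable(Level.FINER)) {
                logger.exiting(ME, "initialize: found properties in cache for domain: " + domain);
            }
            return 0;
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.logp(Level.FINER, ME, "initialize", "not found properties in cache for domain: " + domain);
        }
        try {
            this.config = new AllServerConfigs(properties);
            if (Boolean.getBoolean("com.ibm.ws.security.spnego.LocaleFix")) {
                Locale previousLocale = Locale.getDefault();
                Locale fixedLocale = Locale.US;
                if (!previousLocale.equals(fixedLocale)) {
                    // JVM-wide change, not limited to this interceptor.
                    Locale.setDefault(fixedLocale);
                    logger.logp(Level.WARNING, ME, "initialize", "security.spnego.fix.locale", new Object[]{previousLocale.toString(), fixedLocale.toString()});
                }
            }
            try {
                if (logger.isLoggable(Level.FINER)) {
                    logger.logp(Level.FINER, ME, "initialize", "JGSS Initialization started. For detailed JGSS debug trace set JVM property com.ibm.security.jgss.debug=all");
                }
                SpnegoHandler.initializeServerCreds(this.config);
                if (logger.isLoggable(Level.FINER)) {
                    logger.logp(Level.FINER, ME, "initialize", "JGSS Initialization completed.");
                    logger.logp(Level.FINER, ME, "initialize", "cache it for domainID: " + domain + " properties: " + properties);
                }
                synchronized (TrustAssociationInterceptorImpl.class) {
                    // Drops the entries of every domain, not only this one.
                    _propertiesCache.clear();
                    _propertiesCache.put(domain, properties);
                }
                logger.logp(Level.INFO, ME, "initialize", "security.spnego.init.ok", new Object[]{this.config.toString()});
                if (logger.isLoggable(Level.FINER)) {
                    logger.exiting(ME, "initialize");
                }
                return 0;
            } catch (TAIConfigurationException e) {
                // Raised while initializing the server credentials.
                FFDCFilter.processException(e, "com.ibm.ws.security.spnego.TrustAssociationInterceptorImpl.initialize", "332", this);
                logger.logp(Level.SEVERE, ME, "initialize", "security.spnego.init.failed", new Object[]{e.getMessage(), properties});
                return 1;
            }
        } catch (TAIConfigurationException e2) {
            // Raised while building the configuration from the properties.
            FFDCFilter.processException(e2, "com.ibm.ws.security.spnego.TrustAssociationInterceptorImpl.initialize", "299", this);
            logger.logp(Level.SEVERE, ME, "initialize", "security.spnego.init.failed", e2.getLocalizedMessage());
            logger.exiting(ME, "initialize");
            return 1;
        }
    }

    /**
     * Releases the resources held by the configuration, if one has been set.
     */
    @Override
    public void cleanup() {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "cleanup");
        }
        // An instance obtained from getInstance() may never have been initialized.
        if (this.config != null) {
            this.config.cleanup();
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(ME, "cleanup");
        }
    }

    /**
     * Returns the fixed version string of this interceptor.
     *
     * @return the version string
     */
    @Override
    public String getVersion() {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "getVersion");
            logger.exiting(ME, "getVersion", VERSION);
        }
        return VERSION;
    }

    /**
     * Returns the runtime class name of this interceptor.
     *
     * @return the fully qualified name of the concrete class
     */
    @Override
    public String getType() {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "getType");
        }
        String typeName = getClass().getName();
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(ME, "getType", typeName);
        }
        return typeName;
    }

    /**
     * Sets the active configuration directly, bypassing {@link #initialize(Properties)}.
     *
     * @param allServerConfigs configuration to use from now on
     */
    protected void setConfiguration(AllServerConfigs allServerConfigs) {
        this.config = allServerConfigs;
    }
}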
