package com.ibm.ws.sib.security.auth;

import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.WSSecurityHelper;
import com.ibm.websphere.security.auth.CredentialDestroyedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.common.util.AuditConstants;
import com.ibm.ws.sib.admin.JsAdminService;
import com.ibm.ws.sib.admin.SIBExceptionBusNotFound;
import com.ibm.ws.sib.comms.ConnectionMetaData;
import com.ibm.ws.sib.security.BusSecurityConstants;
import com.ibm.ws.sib.security.auth.login.AbstractLoginAction;
import com.ibm.ws.sib.security.auth.login.AnonymousLoginAction;
import com.ibm.ws.sib.security.auth.login.BusIdentityAssertionLoginAction;
import com.ibm.ws.sib.security.auth.login.BusUserNamePasswordLoginAction;
import com.ibm.ws.sib.security.auth.login.CertificateLoginAction;
import com.ibm.ws.sib.security.auth.login.IdentityAssertionLoginAction;
import com.ibm.ws.sib.security.auth.login.LTPALoginAction;
import com.ibm.ws.sib.security.auth.login.SubjectBasedLoginAction;
import com.ibm.ws.sib.security.auth.login.UnauthenticatedLoginAction;
import com.ibm.ws.sib.security.auth.login.UserNamePasswordLoginAction;
import com.ibm.ws.sib.utils.Password;
import com.ibm.ws.sib.utils.SIBUuid8;
import com.ibm.ws.sib.utils.ras.SibTr;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import javax.security.auth.Subject;
import javax.security.auth.login.CredentialExpiredException;

/* loaded from: input_file:lib/com.ibm.ws.sib.server.jar:com/ibm/ws/sib/security/auth/SibLoginImpl.class */
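/**
 * {@link SibLogin} implementation for the service integration bus.
 *
 * <p>Each public {@code login} overload selects an {@link AbstractLoginAction} from the
 * credential it was handed and from whether the server or the named bus is secured, then
 * runs that action under {@link AccessController#doPrivileged}. The bus-scoped overloads
 * go through the private {@code login(String, AbstractLoginAction, ConnectionMetaData)},
 * which also emits the audit records.
 *
 * <p>Secrets must stay out of trace: passwords are replaced by a fixed marker and token
 * bytes by a length-only label before being handed to {@code SibTr}.
 */
public class SibLoginImpl implements SibLogin {
    public static final String $sccsid = "@(#) 1.66 SIB/ws/code/sib.security.impl/src/com/ibm/ws/sib/security/auth/SibLoginImpl.java, SIB.security, WASX.SIB, ww1616.03 09/09/09 10:12:36 [4/26/16 09:54:45]";
    private static final TraceComponent _tc = SibTr.register(SibLoginImpl.class, BusSecurityConstants.TRC_GROUP, BusSecurityConstants.MSG_BUNDLE);
    private static AuthUtils _authUtils = AuthUtilsFactory.getInstance().getAuthUtils();

    /**
     * Logs in with a user name and password against server (not bus) security.
     *
     * <p>A {@code null} user name or password is treated as the empty string. When
     * {@code isServerSecure()} is false no credential is checked and the subject comes
     * from {@code SIBSubjectImpl.create()}. A non-null result is marked read-only.
     *
     * @param str the user name
     * @param str2 the password; never written to trace
     * @return the JAAS subject, or {@code null} when the login action produced none
     */
    @Override
    public Subject login(String str, String str2) {
        SIBSubject create;
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, AuditConstants.LOGIN, new Object[]{str, "password not traced"});
        }
        if (str == null) {
            str = "";
        }
        if (str2 == null) {
            str2 = "";
        }
        if (_authUtils.isServerSecure()) {
            if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                SibTr.debug(_tc, "Server security is enabled, checking the user name and password");
            }
            create = (SIBSubject) AccessController.doPrivileged(new UserNamePasswordLoginAction(null, str, new Password(str2)));
        } else {
            if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                SibTr.debug(_tc, "Server security is disabled so allow the authentication to pass");
            }
            create = SIBSubjectImpl.create();
        }
        if (create != null) {
            ((SIBSubjectImpl) create).setReadOnly();
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, AuditConstants.LOGIN, create);
        }
        if (create == null) {
            return null;
        }
        return create.getSubject();
    }

    /**
     * Logs in by identity assertion: only a user name is supplied, no credential.
     *
     * <p>Nothing in this method verifies that the caller is entitled to assert the
     * identity; any such check has to live in {@link IdentityAssertionLoginAction} or in
     * the caller (not visible here).
     *
     * @param str the asserted user name; {@code null} is treated as the empty string
     * @return the JAAS subject, or {@code null} when the login action produced none
     */
    @Override
    public Subject login(String str) {
        SIBSubject create;
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, AuditConstants.LOGIN, new Object[]{str});
        }
        if (str == null) {
            str = "";
        }
        if (_authUtils.isServerSecure()) {
            if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                // This path has no password; the trace text used to claim a user name and
                // password check, which misleads anyone reconstructing a login from trace.
                SibTr.debug(_tc, "Server security is enabled, asserting the supplied identity");
            }
            create = (SIBSubject) AccessController.doPrivileged(new IdentityAssertionLoginAction(null, str));
        } else {
            if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                SibTr.debug(_tc, "Server security is disabled so allow the authentication to pass");
            }
            create = SIBSubjectImpl.create();
        }
        // NOTE(review): unlike login(String, String), the result is not marked read-only
        // here - confirm whether callers rely on a mutable subject or this is an omission.
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, AuditConstants.LOGIN, create);
        }
        if (create == null) {
            return null;
        }
        return create.getSubject();
    }

    /**
     * Logs in to a bus with a client certificate chain.
     *
     * <p>A {@code null} chain is rejected ({@code null} result) without reaching the audit
     * path. On a secured bus a {@link CertificateLoginAction} is run; otherwise the
     * connection is treated as anonymous.
     *
     * @param str the bus name
     * @param certificateArr the certificate chain presented by the peer
     * @param connectionMetaData connection details passed to the audit record
     * @return the JAAS subject, or {@code null} when login was refused
     */
    @Override
    public Subject login(String str, Certificate[] certificateArr, ConnectionMetaData connectionMetaData) {
        SIBSubject login;
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, AuditConstants.LOGIN, new Object[]{str, certificateArr, connectionMetaData});
        }
        if (certificateArr == null) {
            login = null;
        } else {
            AbstractLoginAction anonymousLoginAction = new AnonymousLoginAction();
            if (_authUtils.isBusSecure(str)) {
                anonymousLoginAction = new CertificateLoginAction(str, certificateArr);
            }
            login = login(str, anonymousLoginAction, connectionMetaData);
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, AuditConstants.LOGIN, login);
        }
        if (login == null) {
            return null;
        }
        return login.getSubject();
    }

    /**
     * Logs in to a bus with an existing JAAS subject.
     *
     * <p>A subject that already reports {@code isSIBAuthenticated()} is returned as is,
     * without running a login action and therefore without a new audit record. On a
     * secured bus a {@link SubjectBasedLoginAction} is run. On an unsecured bus the user
     * name is carried over only when global security is on and the subject's WAS
     * credential is not the unauthenticated one; otherwise the login is anonymous.
     *
     * @param str the bus name
     * @param subject the caller's subject
     * @return the JAAS subject, or {@code null} when login was refused
     */
    @Override
    public Subject login(String str, Subject subject) {
        SIBSubject login;
        SIBSubject create = SIBSubjectImpl.create(subject);
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, AuditConstants.LOGIN, new Object[]{str, create});
        }
        if (create == null) {
            login = null;
        } else if (create.isSIBAuthenticated()) {
            login = create;
        } else {
            boolean isBusSecure = _authUtils.isBusSecure(str);
            AbstractLoginAction anonymousLoginAction = new AnonymousLoginAction();
            if (isBusSecure) {
                anonymousLoginAction = new SubjectBasedLoginAction(str, create);
            } else if (WSSecurityHelper.isGlobalSecurityEnabled() && !isWASUnauthenticatedSubject(create)) {
                anonymousLoginAction = new UnauthenticatedLoginAction(create.getUserName());
            }
            login = login(str, anonymousLoginAction, (ConnectionMetaData) null);
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, AuditConstants.LOGIN, login);
        }
        if (login == null) {
            return null;
        }
        return login.getSubject();
    }

    /**
     * Logs in to a bus with a user name and password and no connection metadata.
     *
     * @param str the bus name
     * @param str2 the user name
     * @param str3 the password; never written to trace
     * @return the JAAS subject, or {@code null} when login was refused
     */
    @Override
    public Subject login(String str, String str2, String str3) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, AuditConstants.LOGIN, new Object[]{str, str2, "password not traced"});
        }
        SIBSubject create = SIBSubjectImpl.create(login(str, str2, str3, (ConnectionMetaData) null));
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, AuditConstants.LOGIN, create);
        }
        if (create == null) {
            return null;
        }
        return create.getSubject();
    }

    /**
     * Logs in to a bus with a user name and password.
     *
     * <p>{@code null} user name or password is treated as the empty string. On a secured
     * bus the credentials are checked unless both are empty, in which case the login is
     * anonymous. On an unsecured bus the password is ignored: a non-empty user name is
     * accepted unauthenticated, an empty one is anonymous.
     *
     * @param str the bus name
     * @param str2 the user name
     * @param str3 the password; never written to trace
     * @param connectionMetaData connection details passed to the audit record
     * @return the JAAS subject, or {@code null} when login was refused
     */
    @Override
    public Subject login(String str, String str2, String str3, ConnectionMetaData connectionMetaData) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, AuditConstants.LOGIN, new Object[]{str, str2, "password not traced", connectionMetaData});
        }
        boolean isBusSecure = _authUtils.isBusSecure(str);
        if (str2 == null) {
            str2 = "";
        }
        if (str3 == null) {
            str3 = "";
        }
        AbstractLoginAction anonymousLoginAction = new AnonymousLoginAction();
        if (isBusSecure) {
            if (!"".equals(str2) || !"".equals(str3)) {
                anonymousLoginAction = new BusUserNamePasswordLoginAction(str, str2, new Password(str3));
            }
        } else if (!"".equals(str2)) {
            anonymousLoginAction = new UnauthenticatedLoginAction(str2);
        }
        SIBSubject login = login(str, anonymousLoginAction, connectionMetaData);
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, AuditConstants.LOGIN, login);
        }
        if (login == null) {
            return null;
        }
        return login.getSubject();
    }

    /**
     * Logs in to a bus with a security token and no connection metadata.
     *
     * @param str the bus name
     * @param bArr the token bytes; only their length is written to trace
     * @param str2 the token type
     * @return the JAAS subject, or {@code null} when login was refused
     */
    @Override
    public Subject login(String str, byte[] bArr, String str2) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            // The token is a credential in its own right, so it gets the same treatment
            // as the password overloads: a label goes to trace, the bytes do not.
            SibTr.entry(this, _tc, AuditConstants.LOGIN, new Object[]{str, tokenTraceLabel(bArr), str2});
        }
        SIBSubject create = SIBSubjectImpl.create(login(str, bArr, str2, (ConnectionMetaData) null));
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, AuditConstants.LOGIN, create);
        }
        if (create == null) {
            return null;
        }
        return create.getSubject();
    }

    /**
     * Logs in to a bus with a security token.
     *
     * <p>On a secured bus only the token type {@code "LTPA"} is accepted; any other type
     * is refused ({@code null}) without reaching the audit path. On an unsecured bus the
     * token is ignored and the login is anonymous.
     *
     * @param str the bus name
     * @param bArr the token bytes; only their length is written to trace
     * @param str2 the token type
     * @param connectionMetaData connection details passed to the audit record
     * @return the JAAS subject, or {@code null} when login was refused
     */
    @Override
    public Subject login(String str, byte[] bArr, String str2, ConnectionMetaData connectionMetaData) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            // See tokenTraceLabel: the raw token must not end up in a trace file.
            SibTr.entry(this, _tc, AuditConstants.LOGIN, new Object[]{str, tokenTraceLabel(bArr), str2, connectionMetaData});
        }
        SIBSubject sIBSubject = null;
        boolean isBusSecure = _authUtils.isBusSecure(str);
        boolean z = isBusSecure && "LTPA".equals(str2);
        AbstractLoginAction anonymousLoginAction = new AnonymousLoginAction();
        if (z) {
            anonymousLoginAction = new LTPALoginAction(str, bArr);
        }
        if (!isBusSecure || z) {
            sIBSubject = login(str, anonymousLoginAction, connectionMetaData);
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, AuditConstants.LOGIN, sIBSubject);
        }
        if (sIBSubject == null) {
            return null;
        }
        return sIBSubject.getSubject();
    }

    /**
     * Records a logout for the given subject through {@code AuditLogger}.
     *
     * @param str the bus name
     * @param subject the subject that is logging out
     */
    @Override
    public void logout(String str, Subject subject) {
        SIBSubject create = SIBSubjectImpl.create(subject);
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "logout", new Object[]{str, create});
        }
        AuditLogger.logout(str, create);
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "logout");
        }
    }

    /**
     * Logs in to a bus by identity assertion (user name only).
     *
     * <p>On an unsecured bus a non-empty user name is accepted unauthenticated and an
     * empty one is anonymous. On a secured bus a non-empty user name is asserted through
     * {@link BusIdentityAssertionLoginAction}; an empty one leaves the action {@code null},
     * so the login is refused and, because the audit calls sit behind the non-null check
     * in the private {@code login}, no audit record is written for that refusal.
     *
     * @param str the bus name
     * @param str2 the asserted user name; {@code null} is treated as the empty string
     * @param connectionMetaData connection details passed to the audit record
     * @return the JAAS subject, or {@code null} when login was refused
     */
    @Override
    public Subject login(String str, String str2, ConnectionMetaData connectionMetaData) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, AuditConstants.LOGIN, new Object[]{str, str2, connectionMetaData});
        }
        boolean isBusSecure = _authUtils.isBusSecure(str);
        if (str2 == null) {
            str2 = "";
        }
        AbstractLoginAction abstractLoginAction = null;
        if (!isBusSecure) {
            abstractLoginAction = !"".equals(str2) ? new UnauthenticatedLoginAction(str2) : new AnonymousLoginAction();
        } else if (!"".equals(str2)) {
            abstractLoginAction = new BusIdentityAssertionLoginAction(str, str2);
        }
        SIBSubject login = login(str, abstractLoginAction, connectionMetaData);
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, AuditConstants.LOGIN, login);
        }
        if (login == null) {
            return null;
        }
        return login.getSubject();
    }

    /**
     * Runs a login action and writes the matching audit record.
     *
     * <p>A {@code null} action yields {@code null} with no audit call. Otherwise the action
     * is run privileged; a {@code null} result is audited as a failure, and a result that
     * is not the SIB server subject gets an {@code AuditMetaDataImpl} added to its private
     * credentials, is marked read-only and is audited as a success.
     *
     * @param str the bus name
     * @param abstractLoginAction the action to run, or {@code null} to refuse the login
     * @param connectionMetaData connection details passed to the audit record
     * @return the subject produced by the action, or {@code null}
     */
    private SIBSubject login(String str, AbstractLoginAction abstractLoginAction, ConnectionMetaData connectionMetaData) {
        final SIBSubject sIBSubject;
        // NOTE(review): the action object is rendered into trace here and in the debug
        // line below - confirm that the action classes' toString() exposes no credential.
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, AuditConstants.LOGIN, new Object[]{str, abstractLoginAction, connectionMetaData});
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
            SibTr.debug(_tc, "busSecure = " + _authUtils.isBusSecure(str) + " login action = " + abstractLoginAction);
        }
        if (abstractLoginAction != null) {
            sIBSubject = (SIBSubject) AccessController.doPrivileged(abstractLoginAction);
            try {
                // Identifier handed to the audit metadata: bus name, bus UUID and a fresh SIBUuid8.
                String str2 = str + ":" + JsAdminService.getInstance().getDefinedBus(str).getUuid().toString() + ":" + new SIBUuid8().toString();
                if (sIBSubject == null) {
                    AuditLogger.authenticationFailed(str, abstractLoginAction.getLoginType(), abstractLoginAction.getUserName(), new AuditMetaDataImpl(connectionMetaData, str, str2, abstractLoginAction.getUserName(), null));
                } else if (!sIBSubject.isSIBServerSubject()) {
                    // NOTE(review): getWSCredentialFromSubject is null-checked in
                    // isWASUnauthenticatedSubject but dereferenced directly here.
                    final AuditMetaDataImpl auditMetaDataImpl = new AuditMetaDataImpl(connectionMetaData, str, str2, abstractLoginAction.getUserName(), isAuthenticated(sIBSubject) ? SubjectHelper.getWSCredentialFromSubject(sIBSubject.getSubject()).getUniqueSecurityName() : "");
                    AccessController.doPrivileged(new PrivilegedAction<Object>() {
                        @Override
                        public Object run() {
                            sIBSubject.getPrivateCredentials().add(auditMetaDataImpl);
                            return null;
                        }
                    });
                    ((SIBSubjectImpl) sIBSubject).setReadOnly();
                    AuditLogger.authenticationSucceeded(str, abstractLoginAction.getLoginType(), abstractLoginAction.getUserName(), auditMetaDataImpl);
                }
            // NOTE(review): each handler below audits an authentication failure, yet the
            // subject assigned before the try is still what this method returns, and on
            // these paths it has not been marked read-only. Confirm against the original
            // source whether these paths are meant to return null; as written the audit
            // trail and the caller's view of the login can disagree.
            } catch (CredentialExpiredException e) {
                FFDCFilter.processException((Throwable) e, "com.ibm.ws.sib.security.auth.SibLoginImpl.login", "643", (Object) this);
                AuditLogger.authenticationFailed(str, abstractLoginAction.getLoginType(), abstractLoginAction.getUserName(), new AuditMetaDataImpl(connectionMetaData, str, null, abstractLoginAction.getUserName(), null));
                if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                    SibTr.debug(_tc, "The subject credential has expired");
                }
            } catch (CredentialDestroyedException e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.sib.security.auth.SibLoginImpl.login", "650", this);
                AuditLogger.authenticationFailed(str, abstractLoginAction.getLoginType(), abstractLoginAction.getUserName(), new AuditMetaDataImpl(connectionMetaData, str, null, abstractLoginAction.getUserName(), null));
                if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                    SibTr.debug(_tc, "The subject credential has been destroyed");
                }
            } catch (SIBExceptionBusNotFound e3) {
                FFDCFilter.processException(e3, "com.ibm.ws.sib.security.auth.SibLoginImpl.login", "631", this);
                AuditLogger.authenticationFailed(str, abstractLoginAction.getLoginType(), abstractLoginAction.getUserName(), new AuditMetaDataImpl(connectionMetaData, str, null, abstractLoginAction.getUserName(), null));
                if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
                    SibTr.debug(_tc, "The bus " + str + " could not be found");
                }
            }
        } else {
            sIBSubject = null;
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, AuditConstants.LOGIN, sIBSubject);
        }
        return sIBSubject;
    }

    /**
     * Tells whether the subject's WAS credential is the unauthenticated one.
     *
     * @param sIBSubject the subject to inspect
     * @return {@code true} when the subject carries no {@link WSCredential}, otherwise the
     *         credential's own {@code isUnauthenticated()} answer
     */
    private boolean isWASUnauthenticatedSubject(SIBSubject sIBSubject) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(this, _tc, "isWASUnauthenticatedSubject", sIBSubject);
        }
        // No credential at all counts as unauthenticated.
        boolean z = true;
        WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(sIBSubject.getSubject());
        if (wSCredentialFromSubject != null) {
            z = wSCredentialFromSubject.isUnauthenticated();
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(this, _tc, "isWASUnauthenticatedSubject", Boolean.valueOf(z));
        }
        return z;
    }

    /**
     * Reports the {@code isAuthenticated()} flag of the subject's first {@link SIBPrincipal}.
     *
     * @param sIBSubject the subject to inspect; {@code null} yields {@code false}
     * @return the principal's authenticated flag
     */
    private static boolean isAuthenticated(SIBSubject sIBSubject) {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.entry(_tc, "isAuthenticated", sIBSubject);
        }
        boolean z = false;
        if (sIBSubject != null) {
            // A subject with no SIBPrincipal makes next() throw, which aborts the login
            // rather than letting it continue with an unknown principal.
            z = ((SIBPrincipal) sIBSubject.getPrincipals(SIBPrincipal.class).iterator().next()).isAuthenticated();
        }
        if (TraceComponent.isAnyTracingEnabled() && _tc.isEntryEnabled()) {
            SibTr.exit(_tc, "isAuthenticated", Boolean.valueOf(z));
        }
        return z;
    }

    /**
     * Builds the trace stand-in for a security token so the token bytes never reach trace.
     * How {@code SibTr} would render a raw {@code byte[]} is not visible from this class;
     * passing a label instead removes the question.
     *
     * @param token the token bytes, possibly {@code null}
     * @return a label carrying only the token length
     */
    private static String tokenTraceLabel(byte[] token) {
        return token == null ? "null token" : "token not traced (" + token.length + " bytes)";
    }

    static {
        if (TraceComponent.isAnyTracingEnabled() && _tc.isDebugEnabled()) {
            SibTr.debug(_tc, "Source Info: @(#) 1.66 SIB/ws/code/sib.security.impl/src/com/ibm/ws/sib/security/auth/SibLoginImpl.java, SIB.security, WASX.SIB, ww1616.03 09/09/09 10:12:36 [4/26/16 09:54:45]");
        }
    }
}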
