package com.ibm.wsspi.wssecurity.auth.module;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.webservices.wssecurity.KRBConstants;
import com.ibm.ws.webservices.wssecurity.util.KRB5Util;
import com.ibm.wsspi.wssecurity.token.KRBMappedIdentityToken;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* loaded from: input_file:lib/com.ibm.ws.runtime.jar:com/ibm/wsspi/wssecurity/auth/module/KRBIdentityMappingLoginModule.class */
public abstract class KRBIdentityMappingLoginModule implements LoginModule {
    private static final String comp = "security.wssecurity.KRBIdentityMappingLoginModule";
    private Subject subject = null;
    private Map sharedState = null;
    private static TraceComponent tc;

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initialize()");
        }
        this.subject = subject;
        this.sharedState = map;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initialize()");
        }
    }

    public abstract boolean login() throws LoginException;

    public boolean commit() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "commit()");
        }
        boolean z = false;
        try {
            String str = (String) this.sharedState.get(KRBConstants.STR_WSSECURITY_MAPPED_DN);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Mapped kerberos was principal " + str);
            }
            HashMap hashMap = new HashMap();
            hashMap.put(KRBConstants.STR_WAS_PRINCIPAL, str);
            hashMap.put(KRBConstants.STR_UNIQUEID, KRBConstants.STR_MAPPED + KRB5Util.getUniqueID(str, true));
            hashMap.put("ValueType", KRBConstants.STR_KERBEROS_MAPPED_TOKEN_NAME);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Create a Kerberos Mapped Identity Token");
            }
            if (KRB5Util.addCredentialToSubject(this.subject, new KRBMappedIdentityToken(hashMap))) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Subject is updated with mapped kerberos token.");
                }
                z = true;
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Subject is not updated with mapped kerberos token.");
            }
        } catch (Throwable th) {
            Tr.error(tc, "security.wssecurity.kerberos.unexpected.exception", KRB5Util.stackToString(th));
            FFDCFilter.processException(th, KRBIdentityMappingLoginModule.class.getName(), "1");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "commit()");
        }
        return z;
    }

    public boolean abort() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "abort()");
        }
        cleanup();
        if (!tc.isEntryEnabled()) {
            return true;
        }
        Tr.exit(tc, "abort()");
        return true;
    }

    public boolean logout() throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "logout()");
        }
        cleanup();
        if (!tc.isEntryEnabled()) {
            return true;
        }
        Tr.exit(tc, "logout()");
        return true;
    }

    private void cleanup() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "cleanup()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "cleanup()");
        }
    }

    static {
        tc = null;
        tc = Tr.register((Class<?>) KRBIdentityMappingLoginModule.class, "Web Services Security", "com.ibm.ws.webservices.wssecurity.resources.was-wssecurity");
    }
}
