package com.worklight.core.auth.ext;

import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl;
import com.ibm.wsspi.security.token.SingleSignonToken;
import com.worklight.server.auth.api.UserIdentity;
import com.worklight.server.auth.api.UserNamePasswordLoginModule;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:lib/worklight-extension-api.jar:com/worklight/core/auth/ext/WebSphereLoginModule.class */
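/**
 * Login module that authenticates a Worklight user against WebSphere security.
 *
 * <p>When a password is supplied, {@link #login(Map)} runs a JAAS login against the
 * {@code "WSLogin"} configuration. When no password is supplied, it falls back to the
 * subject and principal of the current WebSphere caller. In both cases any
 * {@link SingleSignonToken} whose name contains {@code "LtpaToken"} is copied onto the
 * HTTP response as a cookie and into the identity attributes.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The LTPA token is a bearer SSO credential, so this class never writes the token
 *       value to the log, not even at {@code FINE}.</li>
 *   <li>The password is kept in a {@code String} field until {@link #abort()} or
 *       {@link #logout()} clears it, and is handed to {@code createUserIdentity}.</li>
 * </ul>
 *
 * <p>Instances hold per-login state in plain fields and are not synchronized.
 */
public class WebSphereLoginModule extends UserNamePasswordLoginModule {
    private static final String className = WebSphereLoginModule.class.getName();
    private static final Logger logger = Logger.getLogger(className);

    /** Substring matched against SSO token names; also the cookie and attribute name used. */
    private static final String LTPA_TOKEN_NAME = "LtpaToken";

    private String userName;
    private String password;
    private String userDisplayName;
    private HashMap<String, Object> attributes = new HashMap<>();

    /** Discards all state collected by an unfinished login attempt. */
    @Override // com.worklight.server.auth.api.WorkLightLoginModule
    public void abort() {
        logger.entering(className, "abort");
        clearUserInfo();
        logger.exiting(className, "abort");
    }

    /** Drops the cached user name, password, display name and token attributes. */
    private void clearUserInfo() {
        this.userName = null;
        this.password = null;
        this.userDisplayName = null;
        this.attributes.clear();
    }

    /**
     * Builds the user identity from the state captured by the last {@link #login(Map)}.
     *
     * @param str passed through as the first argument of {@code createUserIdentity}
     * @return the identity returned by {@code createUserIdentity}
     */
    @Override // com.worklight.server.auth.api.WorkLightLoginModule
    public UserIdentity createIdenity(String str) {
        logger.entering(className, "createIdenity");
        UserIdentity identity =
                createUserIdentity(str, this.userName, this.password, this.userDisplayName, null, this.attributes);
        logger.exiting(className, "createIdenity");
        return identity;
    }

    /**
     * Authenticates the user and exports the LTPA token, if one is present.
     *
     * @param map authentication data; the {@code "response"} entry is read as the
     *     {@link HttpServletResponse} that receives the LTPA cookie
     * @return {@code true} if a subject was obtained, {@code false} if the JAAS login failed
     *     or no caller subject was available
     */
    @Override // com.worklight.server.auth.api.WorkLightLoginModule
    public boolean login(Map<String, Object> map) {
        logger.entering(className, "login");
        HttpServletResponse httpServletResponse = (HttpServletResponse) map.get("response");
        try {
            this.userName = getUserName(map);
            this.password = getPassword(map);
            Subject subject = (this.password != null) ? loginWithPassword() : currentCallerSubject();

            if (logger.isLoggable(Level.FINE)) {
                logger.fine("Getting credentials");
            }
            if (subject != null) {
                for (SingleSignonToken singleSignonToken : subject.getPrivateCredentials(SingleSignonToken.class)) {
                    exportLtpaToken(singleSignonToken, httpServletResponse);
                }
            }
            logger.exiting(className, "login");
            return subject != null;
        } catch (LoginException e2) {
            if (logger.isLoggable(Level.FINE)) {
                logger.fine("Failure logging in " + this.userName + ": " + e2);
            }
            logger.exiting(className, "login");
            return false;
        }
    }

    /** Runs the JAAS {@code "WSLogin"} login with the captured user name and password. */
    private Subject loginWithPassword() throws LoginException {
        LoginContext loginContext =
                new LoginContext("WSLogin", new WSCallbackHandlerImpl(this.userName, this.password));
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("Attempting login for " + this.userName);
        }
        loginContext.login();
        return loginContext.getSubject();
    }

    /**
     * Returns the subject of the current WebSphere caller and records its principal as
     * the user name, or returns {@code null} if WebSphere reports a security error.
     */
    private Subject currentCallerSubject() {
        try {
            if (logger.isLoggable(Level.FINE)) {
                logger.fine("Attempting to get user subject for globally authenticated user");
            }
            Subject subject = WSSubject.getCallerSubject();
            this.userName = WSSubject.getCallerPrincipal();
            return subject;
        } catch (WSSecurityException e) {
            // Best effort: the caller treats a null subject as a failed login. Keep the cause
            // in the trace so a misconfigured security domain can be diagnosed.
            logger.log(Level.FINE, "Failed to get caller subject for globally authenticated user", e);
            return null;
        }
    }

    /**
     * Copies an LTPA token onto the response cookie and the identity attributes.
     * Tokens whose name does not contain {@code "LtpaToken"} are ignored, and any failure
     * is logged without aborting the login.
     */
    private void exportLtpaToken(SingleSignonToken singleSignonToken, HttpServletResponse httpServletResponse) {
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("Found security credential");
        }
        try {
            byte[] bytes = singleSignonToken.getBytes();
            String tokenName = singleSignonToken.getName();
            // Log only the credential name. The token bytes are a reusable session credential
            // and must not reach log files, which are usually readable by more people than
            // the session itself.
            if (logger.isLoggable(Level.FINE)) {
                logger.fine("Credential is: " + tokenName);
            }
            if (tokenName.contains(LTPA_TOKEN_NAME)) {
                if (logger.isLoggable(Level.FINE)) {
                    logger.fine("Adding LTPA cookie");
                }
                String encodedToken = Base64.encodeBase64String(bytes);
                // NOTE(review): the cookie is created with default attributes; HttpOnly and
                // Secure are not set here. Confirm the container or a filter applies them.
                // NOTE(review): the match is a substring test, so a token named e.g.
                // "LtpaToken2" is also written under the name "LtpaToken" and would
                // overwrite an earlier one. Verify that this is intended.
                httpServletResponse.addCookie(new Cookie(LTPA_TOKEN_NAME, encodedToken));
                this.attributes.put(LTPA_TOKEN_NAME, encodedToken);
            }
        } catch (Throwable th) {
            // Deliberately broad: token export is optional and must not fail the login.
            // The throwable is logged so the failure is not invisible.
            logger.log(Level.FINE, "Error while trying to get LtpaToken", th);
        }
    }

    /** Clears all per-user state when the session is logged out. */
    @Override // com.worklight.server.auth.api.WorkLightLoginModule
    public void logout() {
        logger.entering(className, "logout");
        clearUserInfo();
        logger.exiting(className, "logout");
    }
}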
