package com.filenet.apiimpl.authentication.util;

import com.filenet.apiimpl.authentication.FnceCallbackHandler;
import com.filenet.apiimpl.exception.ExceptionAuthn;
import com.filenet.apiimpl.util.J2EEType;
import java.io.IOException;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.axis.Message;

/* loaded from: input_file:runtime/Jace.jar:com/filenet/apiimpl/authentication/util/J2EEAuthnUtilWS.class */
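/**
 * WebSphere flavour of {@link J2EEAuthnUtil}.
 *
 * <p>Every IBM security class used here ({@code WSSubject}, {@code WSTokenHolderCallback},
 * {@code AttributeNameConstants}) is bound reflectively in the static initializer, so this
 * class has no compile-time dependency on the WebSphere runtime. If any of those classes is
 * missing, class initialization fails and the type cannot be used.
 */
class J2EEAuthnUtilWS extends J2EEAuthnUtil {
    private static final String FNAME = "[J2EEAuthnUtilWS] ";
    /** Safety margin, in seconds, subtracted from the credential lifetime before it is published. */
    private static final int MIN_TIME = 60;
    private static Constructor<?> m_WSTokenHolderCallback;
    private static Method m_WSSubject_doAs;
    private static Method m_WSSubject_doAsEx;
    private static Method m_WSSubject_getCallerSubject;
    private static Method m_WSTokenHolderCallback_getRequiresLogin;
    // Attribute names copied from com.ibm.wsspi.security.token.AttributeNameConstants at class-init time.
    private static final String WSCREDENTIAL_EXPIRATION;
    private static final String WSCREDENTIAL_LONGSECURITYNAME;
    private static final String WSCREDENTIAL_PROPERTIES_KEY;
    private static final String WSCREDENTIAL_SECURITYNAME;
    private static final String WSCREDENTIAL_UNIQUEID;
    private static final String WSCREDENTIAL_CACHE_KEY;
    private static final String WSCREDENTIAL_GROUPS;
    /** Packages whose callbacks are left to the container; see {@link #handleCallback}. */
    private static final String[] WS_CALLBACK_PACKAGES = {"com.ibm.websphere.security.auth.callback", "com.ibm.wsspi.security.auth.callback"};
    // Kept as a raw HashMap because the signature of fetchStaticConstants is not visible here.
    private static HashMap consts = new HashMap();

    /**
     * Configures the inherited Kerberos settings for the IBM {@code Krb5LoginModule}.
     */
    protected J2EEAuthnUtilWS() {
        // NOTE(review): fname is assigned without "this.", so it looks like a static field of the
        // superclass shared by every J2EEAuthnUtil flavour - confirm.
        fname = FNAME;
        this.krb5LoginModuleClass = "com.ibm.security.auth.module.Krb5LoginModule";
        this.krb5NormalClientLoginOptions = new String[]{"credsType=both"};
        this.krb5CachedClientLoginOptions = new String[]{"useDefaultCcache=true"};
        this.krb5ServiceLoginOptions = new String[]{"credsType=acceptor", "useDefaultKeytab=true"};
        this.krb5ServiceLoginOptionsKeytab = new String[]{"credsType=acceptor"};
        this.krb5KeytabOption = "useKeytab";
        this.krb5KeytabPrefix = "FILE:/";
    }

    /**
     * Passes the supplied callbacks to the handler together with one extra
     * {@code WSTokenHolderCallback}, then reports what that callback says about the login.
     *
     * @param lmState login-module state; its {@code callbackHandler} is invoked
     * @param callbackArr callbacks requested by the caller; copied, never modified
     * @return the value of {@code getRequiresLogin()} on the appended token holder callback
     * @throws UnsupportedCallbackException if the handler rejects one of the callbacks
     * @throws IOException declared by the overridden method
     */
    @Override // com.filenet.apiimpl.authentication.util.J2EEAuthnUtil
    public boolean handleServerCallbacks(LmState lmState, Callback[] callbackArr) throws UnsupportedCallbackException, IOException {
        try {
            int length = callbackArr.length;
            Callback[] withToken = new Callback[length + 1];
            System.arraycopy(callbackArr, 0, withToken, 0, length);
            withToken[length] = (Callback) m_WSTokenHolderCallback.newInstance("Authz token: ");
            lmState.callbackHandler.handle(withToken);
            return ((Boolean) m_WSTokenHolderCallback_getRequiresLogin.invoke(withToken[length])).booleanValue();
        } catch (Exception caught) {
            Exception e = caught;
            // Unwrap the reflective wrapper only when the cause is itself an Exception. The
            // earlier unconditional cast threw ClassCastException when the target raised an
            // Error, which hid the real failure of the authentication step.
            if (caught instanceof InvocationTargetException && caught.getCause() instanceof Exception) {
                e = (Exception) caught.getCause();
            }
            AuthnUtil.error(fname + "handleServerCallbacks: " + e.getLocalizedMessage());
            if (e instanceof UnsupportedCallbackException) {
                throw ((UnsupportedCallbackException) e);
            }
            throw processedException(e, getClass(), "handleServerCallbacks");
        }
    }

    /**
     * Authenticates through the {@code "FileNetP8"} JAAS configuration and copies the resulting
     * principals and credentials into the login-module state.
     *
     * @param lmState login-module state; {@code shortName} is handed to the callback handler
     * @param cArr secret passed to {@link FnceCallbackHandler} (presumably the password)
     * @return always {@code true} when the login succeeds
     * @throws IllegalArgumentException if {@code cArr} is {@code null}
     * @throws LoginException if the JAAS login fails or yields no subject
     * @throws IOException declared by the overridden method
     */
    @Override // com.filenet.apiimpl.authentication.util.J2EEAuthnUtil
    public boolean precommitClientLogin(LmState lmState, char[] cArr) throws LoginException, IOException {
        if (cArr == null) {
            throw new IllegalArgumentException("cArr must not be null");
        }
        try {
            if (lmState.isDebug) {
                AuthnUtil.log(fname + "precommit authenticate");
            }
            if (!J2EEType.isInitialContextOk()) {
                // Logged only; the login is still attempted.
                AuthnUtil.warn(fname + "InitialContext not okay!");
            }
            // NOTE(review): cArr is not wiped in this method; confirm that the caller (or
            // FnceCallbackHandler) clears the array once the login attempt is over.
            LoginContext loginContext = new LoginContext("FileNetP8", new FnceCallbackHandler(lmState.shortName, cArr));
            loginContext.login();
            Subject subject = loginContext.getSubject();
            if (subject == null) {
                AuthnUtil.warn(fname + "precommit authenticate returned null subject");
                throw new FailedLoginException(ExceptionAuthn.SECURITY_SUBJECT_NULL.toString());
            }
            if (lmState.isDebug) {
                AuthnUtil.log(fname + "precommit ClientContainer login successful");
            }
            lmState.newPrincipals.addAll(subject.getPrincipals());
            lmState.newPublicCredentials.addAll(subject.getPublicCredentials());
            lmState.newPrivateCredentials.addAll(subject.getPrivateCredentials());
            if (lmState.extraCred != null) {
                lmState.newPrivateCredentials.add(lmState.extraCred);
            }
            return true;
        } catch (Exception e) {
            AuthnUtil.error(fname + "precommitClientLogin: " + e.getLocalizedMessage());
            if (e instanceof LoginException) {
                throw ((LoginException) e);
            }
            if (e instanceof IOException) {
                throw ((IOException) e);
            }
            if (e instanceof RuntimeException) {
                throw ((RuntimeException) e);
            }
            throw wrappedException(e);
        }
    }

    /**
     * Publishes the identity held in {@code lmState} to the JAAS shared state as a credential
     * property table stored under {@code WSCREDENTIAL_PROPERTIES_KEY}.
     *
     * <p>NOTE(review): nothing in this method authenticates the principal. It presumably relies
     * on the caller having validated the Kerberos ticket already, because a later login module
     * reading this table would take the identity as given - confirm against the call site.
     *
     * @param lmState login-module state supplying {@code princName}, {@code realm} and {@code lifetime}
     * @return always {@code true}
     * @throws LoginException if {@code lmState.princName} is {@code null}
     * @throws IOException declared by the overridden method
     */
    @Override // com.filenet.apiimpl.authentication.util.J2EEAuthnUtil
    public boolean precommitServerLogin(LmState lmState) throws LoginException, IOException {
        String securityName = lmState.princName;
        if (securityName == null) {
            // Fail the login explicitly. Hashtable.put would otherwise throw NullPointerException
            // after a unique id ending in "/null" had already been stored in the table.
            throw new FailedLoginException(fname + "precommitServerLogin: principal name is null");
        }
        // NOTE(review): a null realm yields a unique id starting with "null/"; confirm that
        // callers always set lmState.realm before this point.
        String uniqueId = lmState.realm + '/' + securityName;
        String cacheKey = uniqueId + "_KerberosUser";
        Hashtable<String, Object> credentialProps = new Hashtable<String, Object>();
        credentialProps.put(WSCREDENTIAL_UNIQUEID, uniqueId);
        credentialProps.put(WSCREDENTIAL_SECURITYNAME, securityName);
        credentialProps.put(WSCREDENTIAL_LONGSECURITYNAME, uniqueId);
        credentialProps.put(WSCREDENTIAL_GROUPS, new ArrayList<Object>());
        credentialProps.put(WSCREDENTIAL_CACHE_KEY, cacheKey);
        if (lmState.lifetime > MIN_TIME && lmState.lifetime < Integer.MAX_VALUE) {
            // 1000L forces long arithmetic. If lifetime is an int, the former int multiplication
            // overflowed for lifetimes of roughly 25 days or more and produced a wrong expiry.
            long expiresAt = new Date().getTime() + ((lmState.lifetime - MIN_TIME) * 1000L);
            credentialProps.put(WSCREDENTIAL_EXPIRATION, Long.toString(expiresAt));
        }
        lmState.sharedState.put(WSCREDENTIAL_PROPERTIES_KEY, credentialProps);
        // Remembered so that commitServerLogin / cleanupLogin can withdraw the entry again.
        lmState.extra = credentialProps;
        if (lmState.isDebug) {
            // The dump writes identity attributes (unique id, security name, cache key) to the
            // log verbatim: keep debug off in production and restrict access to these logs.
            // NOTE(review): realm and principal are not escaped, so a value containing a line
            // break would show up as an extra log line - confirm where these values come from.
            StringBuilder dump = new StringBuilder();
            dump.append(fname);
            dump.append("adding key '");
            dump.append(WSCREDENTIAL_PROPERTIES_KEY);
            dump.append("' to shared state with these values...");
            for (Map.Entry<String, Object> entry : credentialProps.entrySet()) {
                dump.append('\n');
                // NOTE(review): presumably an indent string that the decompiler replaced with an
                // unrelated Axis constant of the same value - confirm.
                dump.append(Message.MIME_UNKNOWN);
                dump.append(entry.getKey());
                dump.append(" = ");
                dump.append(entry.getValue());
            }
            AuthnUtil.log(dump.toString());
        }
        if (lmState.extraCred != null) {
            lmState.newPrivateCredentials.add(lmState.extraCred);
        }
        return true;
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // com.filenet.apiimpl.authentication.util.J2EEAuthnUtil
    public boolean precommitLogin(LmState lmState) throws LoginException, IOException {
        throw new UnsupportedOperationException();
    }

    /**
     * Withdraws the credential property table from the shared state, then delegates to
     * {@code commitLogin}.
     *
     * @param lmState login-module state
     * @return the result of {@code commitLogin(lmState)}
     */
    @Override // com.filenet.apiimpl.authentication.util.J2EEAuthnUtil
    public boolean commitServerLogin(LmState lmState) {
        clearSharedCredentialProperties(lmState);
        return commitLogin(lmState);
    }

    /**
     * Withdraws the credential property table from the shared state, then runs the inherited
     * cleanup.
     *
     * @param lmState login-module state
     */
    @Override // com.filenet.apiimpl.authentication.util.J2EEAuthnUtil
    public void cleanupLogin(LmState lmState) {
        clearSharedCredentialProperties(lmState);
        super.cleanupLogin(lmState);
    }

    /** Removes the table stored by precommitServerLogin so the asserted identity does not linger. */
    private void clearSharedCredentialProperties(LmState lmState) {
        // instanceof is false for null, so no separate null check is needed.
        if (lmState.extra instanceof Hashtable) {
            lmState.sharedState.remove(WSCREDENTIAL_PROPERTIES_KEY);
            lmState.extra = null;
        }
    }

    /**
     * Runs the action through {@code WSSubject.doAs(Subject, PrivilegedAction)}.
     *
     * @param subject subject to run as
     * @param privilegedAction work to perform
     * @return whatever {@code reflectionCall} returns for the invocation
     */
    @Override // com.filenet.apiimpl.authentication.util.J2EEAuthnUtil
    public Object runAs(Subject subject, PrivilegedAction privilegedAction) {
        return reflectionCall(m_WSSubject_doAs, null, new Object[]{subject, privilegedAction});
    }

    /**
     * Runs the action through {@code WSSubject.doAs(Subject, PrivilegedExceptionAction)}.
     *
     * @param subject subject to run as
     * @param privilegedExceptionAction work to perform
     * @return whatever {@code reflectionCall} returns for the invocation
     * @throws Exception declared by the overridden method
     */
    @Override // com.filenet.apiimpl.authentication.util.J2EEAuthnUtil
    public Object runAs(Subject subject, PrivilegedExceptionAction privilegedExceptionAction) throws Exception {
        return reflectionCall(m_WSSubject_doAsEx, null, new Object[]{subject, privilegedExceptionAction});
    }

    /**
     * Returns the result of {@code WSSubject.getCallerSubject()}.
     *
     * @return the subject reported by WebSphere for the current caller
     */
    @Override // com.filenet.apiimpl.authentication.util.J2EEAuthnUtil
    public Subject getCurrentSubject() {
        return (Subject) reflectionCall(m_WSSubject_getCallerSubject, null, null);
    }

    /**
     * Skips callbacks whose class lives in one of the WebSphere callback packages and forwards
     * every other callback to the superclass.
     *
     * @param callback callback to process
     * @param map passed through to the superclass unchanged
     * @throws UnsupportedCallbackException if the superclass rejects the callback
     */
    @Override // com.filenet.apiimpl.authentication.util.J2EEAuthnUtil
    public void handleCallback(Callback callback, Map map) throws UnsupportedCallbackException {
        String packageName = callback.getClass().getName();
        int lastDot = packageName.lastIndexOf('.');
        if (lastDot > 0) {
            packageName = packageName.substring(0, lastDot);
        }
        for (String wsPackage : WS_CALLBACK_PACKAGES) {
            if (packageName.equals(wsPackage)) {
                // WebSphere-owned callback: nothing for this handler to fill in.
                return;
            }
        }
        super.handleCallback(callback, map);
    }

    /**
     * @return always {@code true} for this implementation
     */
    @Override // com.filenet.apiimpl.authentication.util.J2EEAuthnUtil
    public boolean isTicketsSPNToMatchLogins() {
        return true;
    }

    static {
        try {
            // NOTE(review): WSSubject and WSTokenHolderCallback are resolved through the thread
            // context class loader, while AttributeNameConstants below goes through this class's
            // own loader. Confirm that the difference is intended and that the context loader
            // cannot be replaced by untrusted code before this initializer runs.
            ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
            Class<?> wsSubject = Class.forName("com.ibm.websphere.security.auth.WSSubject", false, contextClassLoader);
            Class<?> tokenHolderCallback = Class.forName("com.ibm.wsspi.security.auth.callback.WSTokenHolderCallback", false, contextClassLoader);
            m_WSSubject_doAs = wsSubject.getMethod("doAs", Subject.class, PrivilegedAction.class);
            m_WSSubject_doAsEx = wsSubject.getMethod("doAs", Subject.class, PrivilegedExceptionAction.class);
            m_WSSubject_getCallerSubject = wsSubject.getMethod("getCallerSubject");
            m_WSTokenHolderCallback_getRequiresLogin = tokenHolderCallback.getMethod("getRequiresLogin");
            m_WSTokenHolderCallback = tokenHolderCallback.getConstructor(String.class);
            fetchStaticConstants(Class.forName("com.ibm.wsspi.security.token.AttributeNameConstants"), consts);
            // A constant missing from the map yields null here and is not checked; Hashtable.put
            // in precommitServerLogin would then fail with NullPointerException.
            WSCREDENTIAL_EXPIRATION = (String) consts.get("WSCREDENTIAL_EXPIRATION");
            WSCREDENTIAL_LONGSECURITYNAME = (String) consts.get("WSCREDENTIAL_LONGSECURITYNAME");
            WSCREDENTIAL_PROPERTIES_KEY = (String) consts.get("WSCREDENTIAL_PROPERTIES_KEY");
            WSCREDENTIAL_SECURITYNAME = (String) consts.get("WSCREDENTIAL_SECURITYNAME");
            WSCREDENTIAL_UNIQUEID = (String) consts.get("WSCREDENTIAL_UNIQUEID");
            WSCREDENTIAL_CACHE_KEY = (String) consts.get("WSCREDENTIAL_CACHE_KEY");
            WSCREDENTIAL_GROUPS = (String) consts.get("WSCREDENTIAL_GROUPS");
        } catch (Exception e) {
            AuthnUtil.error(FNAME + "Failed static initialization: " + e.getLocalizedMessage());
            if (!(e instanceof RuntimeException)) {
                throw wrappedException(e);
            }
            throw ((RuntimeException) e);
        }
    }
}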
