package com.ibm.ws.security.credentials.wscred;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.security.auth.CredentialDestroyedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.credentials.ExpirableCredential;
import com.ibm.ws.security.sso.common.SsoService;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.Permission;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.AuthPermission;
import javax.security.auth.login.CredentialExpiredException;

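@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.credentials_1.0.13.jar:com/ibm/ws/security/credentials/wscred/WSCredentialImpl.class */
/**
 * Default {@link WSCredential} implementation that carries a caller's identity attributes
 * (realm, security name, access id, group ids) or, for basic-auth credentials, the realm,
 * user name and the UTF-8 bytes of the password.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The identity constructor checks {@code wssecurity.createCredential} when a
 *       {@link SecurityManager} is installed; the basic-auth constructor does not.
 *       NOTE(review): confirm the asymmetry is intentional.</li>
 *   <li>{@link #get(String)} and {@link #set(String, Object)} are the only accessors that
 *       perform permission checks; all other getters return their field unconditionally.</li>
 *   <li>No method here compares {@code expiration} with the current time, so the declared
 *       {@code CredentialExpiredException} / {@code CredentialDestroyedException} are never
 *       thrown by this class. NOTE(review): expiry enforcement presumably lives in callers —
 *       confirm.</li>
 *   <li>{@code serialVersionUID} is declared and {@code credentialToken} is not
 *       {@code transient}. NOTE(review): if instances are serialized, the basic-auth password
 *       bytes travel with them — confirm the serialized form is only written to trusted
 *       sinks.</li>
 * </ul>
 */
public class WSCredentialImpl implements WSCredential, ExpirableCredential {
    private static final long serialVersionUID = 7097141765627715179L;
    private static final String REALM_SEPARATOR = "/";
    private static final String LTPA_AUTHMECH_OID = "1.3.18.0.2.30.2";
    private static final String DEFAULT_AUTHMECH_OID = "1.3.18.0.2.30.2";
    // OID reported by getOID() for credentials built by the basic-auth constructor.
    private static final String BASIC_AUTH_OID = "oid:2.23.130.1.1.1";
    private final String realmName;
    private final String securityName;
    private final String realmSecurityName;
    private final String uniqueSecurityName;
    private final String realmUniqueSecurityName;
    private final String primaryGroupId;
    private final String accessId;
    // null for basic-auth credentials; otherwise a private copy of the caller's list.
    private final ArrayList<String> groupIds;
    private long expiration;
    private final boolean unauthenticated;
    private final boolean isBasicAuthCred;
    private final boolean forwardable;
    private final String authMechOID;
    private final Hashtable<String, Object> hashTable;
    // Only populated by the basic-auth constructor (UTF-8 bytes of the supplied secret).
    private byte[] credentialToken;
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(WSCredentialImpl.class);
    private static final Permission APP_READ_PERMISSION = new AuthPermission("wssecurity.applicationReadCredential");
    private static final Permission APP_UPDATE_PERMISSION = new AuthPermission("wssecurity.applicationUpdateCredential");
    private static final Permission READ_PERMISSION = new AuthPermission("wssecurity.readCredential");
    private static final Permission UPDATE_PERMISSION = new AuthPermission("wssecurity.updateCredential");
    private static final Permission CREATE_PERMISSION = new AuthPermission("wssecurity.createCredential");
    // Shared zero-length array; safe to share because it has no elements to mutate and
    // getCredentialToken() hands out clones only.
    private static final byte[] emptyByteArray = new byte[0];

    /**
     * Builds an identity credential.
     *
     * @param str   realm name
     * @param str2  security name
     * @param str3  unique security name
     * @param str4  name compared case-insensitively with {@code str2}; when they match the
     *              credential is flagged as unauthenticated (may be {@code null})
     * @param str5  primary group id
     * @param str6  access id
     * @param list  not read by this constructor
     * @param list2 group ids; copied so later changes to the caller's list do not affect
     *              this credential ({@code null} yields an empty list)
     * @throws SecurityException if a security manager is installed and the caller lacks
     *         {@code wssecurity.createCredential}
     */
    public WSCredentialImpl(String str, String str2, String str3, String str4, String str5, String str6, List<String> list, List<String> list2) {
        this.expiration = 0L;
        this.credentialToken = null;
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(CREATE_PERMISSION);
        }
        this.realmName = str;
        this.securityName = str2;
        this.realmSecurityName = str + REALM_SEPARATOR + str2;
        this.uniqueSecurityName = str3;
        this.realmUniqueSecurityName = str + REALM_SEPARATOR + str3;
        this.primaryGroupId = str5;
        this.accessId = str6;
        this.groupIds = list2 != null ? createListCopy(list2) : new ArrayList<>();
        this.unauthenticated = str4 != null && str4.equalsIgnoreCase(str2);
        this.hashTable = new Hashtable<>(32);
        this.isBasicAuthCred = false;
        this.forwardable = true;
        this.authMechOID = DEFAULT_AUTHMECH_OID;
    }

    /**
     * Builds a basic-auth credential holding only realm, user name and secret.
     *
     * <p>NOTE(review): unlike the identity constructor, no
     * {@code wssecurity.createCredential} check is made here — confirm this is intended.
     *
     * @param str  realm name
     * @param str2 security name
     * @param str3 secret; stored as its UTF-8 bytes and never included in {@link #toString()}
     */
    public WSCredentialImpl(String str, String str2, @Sensitive String str3) {
        this.expiration = 0L;
        this.realmName = str;
        this.securityName = str2;
        this.credentialToken = getConvertedBytes(str3);
        this.isBasicAuthCred = true;
        this.authMechOID = BASIC_AUTH_OID;
        this.forwardable = true;
        this.uniqueSecurityName = null;
        this.realmSecurityName = null;
        this.realmUniqueSecurityName = null;
        this.accessId = null;
        this.primaryGroupId = null;
        this.groupIds = null;
        this.unauthenticated = false;
        this.hashTable = new Hashtable<>(32);
    }

    /**
     * Encodes the secret as UTF-8.
     *
     * @param str secret text, may be {@code null}
     * @return {@code null} for {@code null}, the shared empty array for {@code ""},
     *         otherwise the UTF-8 bytes
     */
    @Sensitive
    private static byte[] getConvertedBytes(@Sensitive String str) {
        if (str == null) {
            return null;
        }
        if (str.length() == 0) {
            return emptyByteArray;
        }
        // The Charset overload cannot throw, so there is no swallowed
        // UnsupportedEncodingException that could silently turn a secret into null.
        return str.getBytes(StandardCharsets.UTF_8);
    }

    /** Returns a new list with the same elements, in the same order, as {@code list}. */
    private static ArrayList<String> createListCopy(List<String> list) {
        return new ArrayList<>(list);
    }

    /** Returns the realm name given at construction. */
    @Override
    public String getRealmName() throws CredentialDestroyedException, CredentialExpiredException {
        return this.realmName;
    }

    /** Returns the security name given at construction. */
    @Override
    public String getSecurityName() throws CredentialDestroyedException, CredentialExpiredException {
        return this.securityName;
    }

    /** Returns {@code realm + "/" + securityName}, or {@code null} for basic-auth credentials. */
    @Override
    public String getRealmSecurityName() throws CredentialDestroyedException, CredentialExpiredException {
        return this.realmSecurityName;
    }

    /** Returns the unique security name, or {@code null} for basic-auth credentials. */
    @Override
    public String getUniqueSecurityName() throws CredentialDestroyedException, CredentialExpiredException {
        return this.uniqueSecurityName;
    }

    /** Returns {@code realm + "/" + uniqueSecurityName}, or {@code null} for basic-auth credentials. */
    @Override
    public String getRealmUniqueSecurityName() throws CredentialDestroyedException, CredentialExpiredException {
        return this.realmUniqueSecurityName;
    }

    /**
     * Returns the stored expiration value ({@code 0} until {@link #setExpiration(long)} is
     * called). The value is returned as stored; it is not checked against the clock here.
     */
    @Override
    public long getExpiration() throws CredentialDestroyedException, CredentialExpiredException {
        return this.expiration;
    }

    /** Returns the primary group id, or {@code null} for basic-auth credentials. */
    @Override
    public String getPrimaryGroupId() throws CredentialDestroyedException, CredentialExpiredException {
        return this.primaryGroupId;
    }

    /** Returns the access id, or {@code null} for basic-auth credentials. */
    @Override
    public String getAccessId() throws CredentialDestroyedException, CredentialExpiredException {
        return this.accessId;
    }

    /**
     * Returns the group ids of this credential.
     *
     * @return a fresh copy of the group list, or {@code null} for basic-auth credentials
     */
    @Override
    public ArrayList getGroupIds() throws CredentialDestroyedException, CredentialExpiredException {
        if (this.groupIds == null) {
            return null;
        }
        // Hand out a copy: the constructor already isolates the list from its caller, and
        // returning the live instance would let any holder of the credential add or remove
        // group memberships after construction.
        return new ArrayList<String>(this.groupIds);
    }

    /**
     * Looks up a custom attribute.
     *
     * <p>With a security manager installed, {@code wssecurity.applicationReadCredential} is
     * always required, and {@code wssecurity.readCredential} is additionally required for
     * keys starting with {@link SsoService#TYPE_WSSECURITY}.
     *
     * @param str attribute key; must not be {@code null}
     * @return the stored value, or {@code null} if none
     * @throws SecurityException if a required permission is missing
     */
    @Override
    public Object get(String str) throws CredentialDestroyedException, CredentialExpiredException {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(APP_READ_PERMISSION);
            if (str.startsWith(SsoService.TYPE_WSSECURITY)) {
                securityManager.checkPermission(READ_PERMISSION);
            }
        } else {
            // Preserve the original null-key failure even when no checks run.
            str.startsWith(SsoService.TYPE_WSSECURITY);
        }
        return this.hashTable.get(str);
    }

    /**
     * Stores a custom attribute.
     *
     * <p>With a security manager installed, {@code wssecurity.updateCredential} is required
     * for keys starting with {@link SsoService#TYPE_WSSECURITY}, and
     * {@code wssecurity.applicationUpdateCredential} is required only when the key already
     * has a value. Adding a new key outside that prefix is therefore not permission-gated.
     *
     * @param str attribute key; must not be {@code null}
     * @param obj attribute value; must not be {@code null} ({@link Hashtable} rejects it)
     * @return the previous value for the key, or {@code null}
     * @throws SecurityException if a required permission is missing
     */
    @Override
    public Object set(String str, Object obj) throws CredentialDestroyedException, CredentialExpiredException {
        SecurityManager securityManager = System.getSecurityManager();
        if (str.startsWith(SsoService.TYPE_WSSECURITY) && securityManager != null) {
            securityManager.checkPermission(UPDATE_PERMISSION);
        }
        if (this.hashTable.get(str) != null && securityManager != null) {
            securityManager.checkPermission(APP_UPDATE_PERMISSION);
        }
        return this.hashTable.put(str, obj);
    }

    /**
     * Replaces the stored expiration value.
     *
     * <p>NOTE(review): no permission is checked and the write is not synchronized, so any
     * code holding this credential can change its expiration — confirm that only trusted
     * runtime code reaches this method.
     *
     * @param j new expiration value
     */
    @Override
    public void setExpiration(long j) {
        this.expiration = j;
    }

    /** Returns whether this credential was flagged as unauthenticated at construction. */
    @Override
    public boolean isUnauthenticated() {
        return this.unauthenticated;
    }

    /**
     * Returns a diagnostic string of the identity fields. The credential token and the
     * custom attribute table are left out, so this is safe to emit in trace output.
     */
    @Override
    public String toString() {
        return super.toString() + ",realmName=" + this.realmName + ",securityName=" + this.securityName + ",realmSecurityName=" + this.realmSecurityName + ",uniqueSecurityName=" + this.uniqueSecurityName + ",primaryGroupId=" + this.primaryGroupId + ",accessId=" + this.accessId + ",groupIds=" + this.groupIds;
    }

    /** Returns the authentication mechanism OID fixed by the constructor that was used. */
    @Override
    public String getOID() throws CredentialDestroyedException, CredentialExpiredException {
        return this.authMechOID;
    }

    /** Returns {@code true} only for credentials built by the basic-auth constructor. */
    @Override
    public boolean isBasicAuth() {
        return this.isBasicAuthCred;
    }

    /** Returns the forwardable flag, which both constructors set to {@code true}. */
    @Override
    public boolean isForwardable() throws CredentialDestroyedException, CredentialExpiredException {
        return this.forwardable;
    }

    /**
     * Returns a copy of the credential token so callers cannot alter the stored bytes.
     *
     * <p>No permission check guards this accessor; for basic-auth credentials the bytes are
     * the UTF-8 encoded secret, so callers should avoid logging or persisting the result.
     *
     * @return a clone of the token, or {@code null} when none was set
     */
    @Override
    @Sensitive
    public byte[] getCredentialToken() throws CredentialDestroyedException, CredentialExpiredException {
        return this.credentialToken != null ? this.credentialToken.clone() : null;
    }
}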
