package com.ibm.ws.security.csiv2.server.config.css;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.rsadapter.FFDCLogger;
import com.ibm.ws.security.authentication.AuthenticationException;
import com.ibm.ws.security.authentication.utility.SubjectHelper;
import com.ibm.ws.security.context.SubjectManager;
import com.ibm.ws.security.csiv2.Authenticator;
import com.ibm.ws.security.csiv2.server.config.tss.ServerLTPAMechConfig;
import com.ibm.ws.transport.iiop.security.config.css.CSSASMechConfig;
import com.ibm.ws.transport.iiop.security.config.css.CSSSASMechConfig;
import com.ibm.ws.transport.iiop.security.config.tss.TSSASMechConfig;
import com.ibm.ws.transport.iiop.security.util.Util;
import com.ibm.wsspi.security.token.SingleSignonToken;
import java.util.Iterator;
import javax.security.auth.Subject;
import org.omg.CORBA.BAD_PARAM;
import org.omg.IOP.Codec;
import org.omg.PortableInterceptor.ClientRequestInfo;

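@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.csiv2_1.0.13.jar:com/ibm/ws/security/csiv2/server/config/css/ClientLTPAMechConfig.class */
/**
 * Client-side (CSS) authentication-layer configuration for the LTPA mechanism.
 *
 * <p>For an outbound request this class decides whether the target's
 * authentication mechanism is compatible ({@link #canHandle}) and, if so,
 * produces the encoded LTPA token taken from a {@link Subject}
 * ({@link #encode}).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When no usable subject is available, the encoding is an empty byte
 *       array rather than an error, including when {@code required} is
 *       {@code true}.</li>
 *   <li>Methods returning token bytes are annotated {@code @Sensitive}; the
 *       bytes are SSO credential material and must not be logged by callers.</li>
 *   <li>{@link #toString(String, StringBuilder)} prints only the domain and
 *       the required flag, never credentials.</li>
 * </ul>
 */
public class ClientLTPAMechConfig implements CSSASMechConfig {
    private static final long serialVersionUID = 1;

    /**
     * Association-option bit advertised by this mechanism.
     * NOTE(review): 64 matches the CSIIOP EstablishTrustInClient option value; confirm
     * against org.omg.CSIIOP before relying on the name.
     */
    private static final short ESTABLISH_TRUST_IN_CLIENT = (short) 64;

    /** Association-option value meaning "nothing required". */
    private static final short NO_OPTIONS = (short) 0;

    /**
     * Tagged-component id probed on the effective profile (0x49424D0A, ASCII "IBM\n").
     * Its presence is what this class treats as "target is WAS Classic".
     */
    private static final int WAS_CLASSIC_COMPONENT_ID = 1229081866;

    private final String domain;
    private final boolean required;

    // NOTE(review): transient, so default Java deserialization would leave this null;
    // the asserting path in getSubject() dereferences it without a null check.
    // Whether instances are ever deserialized is not visible here; confirm.
    private final transient Authenticator authenticator;

    private final String mechanism = "LTPA";
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(ClientLTPAMechConfig.class);

    /**
     * @param authenticator used to authenticate the trusted identity when identity assertion is active
     * @param str           the domain (reported by {@link #toString(String, StringBuilder)})
     * @param z             {@code true} if client authentication with LTPA is required
     */
    public ClientLTPAMechConfig(Authenticator authenticator, String str, boolean z) {
        this.authenticator = authenticator;
        this.domain = str;
        this.required = z;
    }

    /** @return the association options this mechanism supports (always the value 64) */
    @Override // com.ibm.ws.transport.iiop.security.config.css.CSSASMechConfig
    public short getSupports() {
        return ESTABLISH_TRUST_IN_CLIENT;
    }

    /** @return 64 when this mechanism is configured as required, otherwise 0 */
    @Override // com.ibm.ws.transport.iiop.security.config.css.CSSASMechConfig
    public short getRequires() {
        return this.required ? ESTABLISH_TRUST_IN_CLIENT : NO_OPTIONS;
    }

    /**
     * Reports whether this client configuration is compatible with the target's.
     *
     * @param tSSASMechConfig the target's authentication mechanism configuration
     * @return {@code true} if the target is an LTPA mechanism, or if neither
     *         the target nor this client requires anything
     */
    @Override // com.ibm.ws.transport.iiop.security.config.css.CSSASMechConfig
    public boolean canHandle(TSSASMechConfig tSSASMechConfig) {
        if (tSSASMechConfig instanceof ServerLTPAMechConfig) {
            return true;
        }
        return tSSASMechConfig.getRequires() == NO_OPTIONS && !this.required;
    }

    /** @return the mechanism name, {@code "LTPA"} */
    @Override // com.ibm.ws.transport.iiop.security.config.css.CSSASMechConfig
    public String getMechanism() {
        return this.mechanism;
    }

    /**
     * Produces the encoded client authentication token for a request.
     *
     * <p>A subject is resolved only when the target is an LTPA mechanism; for
     * any other target the subject stays {@code null} and the result is an
     * empty array.
     *
     * @param tSSASMechConfig   the target's authentication mechanism configuration
     * @param cSSSASMechConfig  the client's attribute-layer configuration (identity assertion)
     * @param clientRequestInfo the outbound request, used to pick the encoding variant
     * @param codec             the codec handed to the token encoder
     * @return the encoded token, or an empty array when there is no authenticated subject
     */
    @Override // com.ibm.ws.transport.iiop.security.config.css.CSSASMechConfig
    public byte[] encode(TSSASMechConfig tSSASMechConfig, CSSSASMechConfig cSSSASMechConfig, ClientRequestInfo clientRequestInfo, Codec codec) {
        Subject subject = null;
        if (tSSASMechConfig instanceof ServerLTPAMechConfig) {
            subject = getSubject(cSSSASMechConfig, null);
        }
        return createEncoding(subject, clientRequestInfo, codec);
    }

    /**
     * Resolves the subject whose token will be sent.
     *
     * <p>With identity assertion active the trusted identity is authenticated;
     * otherwise the invocation subject is used, falling back to the caller subject.
     *
     * @param cSSSASMechConfig the client's attribute-layer configuration
     * @param subject          value returned unchanged if authentication of the trusted identity fails
     * @return the resolved subject, possibly {@code null}
     */
    @FFDCIgnore({AuthenticationException.class})
    private Subject getSubject(CSSSASMechConfig cSSSASMechConfig, Subject subject) {
        if (cSSSASMechConfig.isAsserting()) {
            try {
                subject = this.authenticator.authenticate(cSSSASMechConfig.getTrustedIdentity());
            } catch (AuthenticationException ignored) {
                // Deliberately not rethrown (and excluded from FFDC): the incoming subject is
                // kept, which is null when called from encode(), so an empty token is sent.
                // NOTE(review): the failure leaves no trace here and is not distinguished from
                // "no subject", even when 'required' is true; confirm the receiving side
                // rejects the request in that case.
            }
        } else {
            SubjectManager subjectManager = new SubjectManager();
            subject = subjectManager.getInvocationSubject();
            if (subject == null) {
                subject = subjectManager.getCallerSubject();
            }
        }
        return subject;
    }

    /**
     * Encodes the subject's SSO token for the wire.
     *
     * @return an empty array for a {@code null} or unauthenticated subject,
     *         otherwise the output of the matching {@code Util} encoder
     */
    @Sensitive
    private byte[] createEncoding(Subject subject, ClientRequestInfo clientRequestInfo, Codec codec) {
        if (subject == null || new SubjectHelper().isUnauthenticated(subject)) {
            return new byte[0];
        }
        // NOTE(review): tokenBytes is null when the subject carries no SingleSignonToken;
        // how the Util encoders treat null is not visible here; confirm.
        byte[] tokenBytes = getSSOTokenBytes(subject);
        if (isEncodingForWASClassic(clientRequestInfo)) {
            return Util.encodeLTPATokenForWASClassic(codec, tokenBytes);
        }
        return Util.encodeLTPAToken(codec, tokenBytes);
    }

    /**
     * Returns the bytes of the first {@link SingleSignonToken} found among the
     * subject's private credentials.
     *
     * <p>The result is credential material; callers must not log it.
     *
     * @param subject the subject to read; must not be {@code null}
     * @return the token bytes, or {@code null} if the subject holds no such token
     */
    @Sensitive
    public byte[] getSSOTokenBytes(Subject subject) {
        Iterator<SingleSignonToken> tokens = subject.getPrivateCredentials(SingleSignonToken.class).iterator();
        if (!tokens.hasNext()) {
            return null;
        }
        // Only the first token is used; any additional tokens are ignored.
        SingleSignonToken first = tokens.next();
        return first != null ? first.getBytes() : null;
    }

    /**
     * Probes the request's effective profile for the component with id
     * {@link #WAS_CLASSIC_COMPONENT_ID}.
     *
     * @return {@code true} if the lookup succeeds, {@code false} if it raises {@code BAD_PARAM}
     */
    @FFDCIgnore({BAD_PARAM.class})
    private boolean isEncodingForWASClassic(ClientRequestInfo clientRequestInfo) {
        try {
            // Only success or failure of the lookup matters; the component itself is unused.
            clientRequestInfo.get_effective_component(WAS_CLASSIC_COMPONENT_ID);
            return true;
        } catch (BAD_PARAM ignored) {
            // Expected when the component is absent, hence excluded from FFDC.
            return false;
        }
    }

    /** @return the same text {@link #toString(String, StringBuilder)} writes with an empty indent */
    @Override
    @Trivial
    public String toString() {
        StringBuilder sb = new StringBuilder();
        toString("", sb);
        return sb.toString();
    }

    /**
     * Appends a description of this configuration. Only the domain and the
     * required flag are written; no credential data is included.
     *
     * @param str indent placed before each line
     * @param sb  buffer to append to
     */
    @Override // com.ibm.ws.transport.iiop.security.config.css.CSSASMechConfig
    @Trivial
    public void toString(String str, StringBuilder sb) {
        String inner = str + FFDCLogger.TAB;
        sb.append(str).append("CSSLTPAMechConfig: [\n");
        sb.append(inner).append("domain:   ").append(this.domain).append("\n");
        sb.append(inner).append("required  :   ").append(this.required).append("\n");
        sb.append(str).append("]\n");
    }
}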
