package com.ibm.ws.security.authentication.utility;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

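/**
 * Helpers for reading credentials out of a JAAS {@link Subject}: the {@link WSCredential},
 * custom-property hashtables, Kerberos tickets and GSS credentials.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>Several methods read the subject's <em>private</em> credential set inside
 * {@link AccessController#doPrivileged(PrivilegedAction)}. The read therefore runs with this
 * class's own permissions rather than the caller's, so the returned objects must not be handed
 * on to code that is not itself trusted to see private credentials.</li>
 * <li>{@link #getHashtable(Set, String[])} writes each credential object's {@code toString()} to
 * debug trace; use the {@code getSensitive*} variants for hashtables that hold secrets.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.websphere.security_1.0.14.jar:com/ibm/ws/security/authentication/utility/SubjectHelper.class */
public class SubjectHelper {
    private static final TraceComponent tc = Tr.register(SubjectHelper.class);
    static final long serialVersionUID = -892250569803095632L;

    /**
     * Reports whether the subject should be treated as unauthenticated.
     *
     * <p>Fails closed: a {@code null} subject, or a subject without a {@link WSCredential},
     * is reported as unauthenticated.
     *
     * @param subject the subject to inspect, may be {@code null}
     * @return {@code true} when there is no subject or credential, otherwise the credential's
     *         own {@code isUnauthenticated()} answer
     */
    public boolean isUnauthenticated(Subject subject) {
        WSCredential wSCredential;
        if (subject == null || (wSCredential = getWSCredential(subject)) == null) {
            return true;
        }
        return wSCredential.isUnauthenticated();
    }

    /**
     * Returns the realm name recorded in the subject's {@link WSCredential}.
     *
     * @param subject the subject to inspect; unlike {@link #isUnauthenticated(Subject)} this
     *        method does not guard against {@code null}
     * @return the realm name, or {@code null} when the subject carries no {@link WSCredential}
     * @throws Exception propagated from {@code WSCredential.getRealmName()}
     */
    public String getRealm(Subject subject) throws Exception {
        String str = null;
        WSCredential wSCredential = getWSCredential(subject);
        if (wSCredential != null) {
            str = wSCredential.getRealmName();
        }
        return str;
    }

    /**
     * Returns the first {@link WSCredential} found among the subject's public credentials.
     *
     * @param subject the subject to inspect; must not be {@code null}
     * @return the first credential the set's iterator yields, or {@code null} when there is none
     */
    public WSCredential getWSCredential(Subject subject) {
        WSCredential wSCredential = null;
        Iterator it = subject.getPublicCredentials(WSCredential.class).iterator();
        if (it.hasNext()) {
            wSCredential = (WSCredential) it.next();
        }
        return wSCredential;
    }

    /**
     * Finds a custom-property hashtable in the subject, searching the public credentials first
     * and the private credentials second.
     *
     * <p>The lookup runs inside {@code doPrivileged}, so the private credential set is read with
     * this class's permissions, not the caller's. Candidate objects are also written to debug
     * trace by {@link #getHashtable(Set, String[])}.
     *
     * @param subject the subject to search; must not be {@code null}
     * @param strArr the property keys to look for; a hashtable matches when it holds a non-null
     *        value for at least one of them
     * @return the first matching hashtable, or {@code null} when neither set holds one
     */
    public Hashtable<String, ?> getHashtableFromSubject(final Subject subject, final String[] strArr) {
        return (Hashtable) AccessController.doPrivileged(new PrivilegedAction<Hashtable<String, ?>>() { // from class: com.ibm.ws.security.authentication.utility.SubjectHelper.1
            static final long serialVersionUID = 8403741094066435368L;
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Hashtable<String, ?> run() {
                if (TraceComponent.isAnyTracingEnabled() && SubjectHelper.tc.isDebugEnabled()) {
                    Tr.debug(SubjectHelper.tc, "Looking for custom properties in public cred list.", new Object[0]);
                }
                Hashtable<String, ?> hashtable = SubjectHelper.this.getHashtable(subject.getPublicCredentials(), strArr);
                if (hashtable != null) {
                    return hashtable;
                }
                if (TraceComponent.isAnyTracingEnabled() && SubjectHelper.tc.isDebugEnabled()) {
                    Tr.debug(SubjectHelper.tc, "Looking for custom properties in private cred list.", new Object[0]);
                }
                // Falls through to null when the private set has no match either.
                return SubjectHelper.this.getHashtable(subject.getPrivateCredentials(), strArr);
            }
        });
    }

    /**
     * Returns the first {@link Hashtable} in the set that has a non-null value for any of the
     * given keys.
     *
     * <p>NOTE(review): with debug trace enabled, every object in the set is concatenated into the
     * trace message. When the set is a subject's private credential set this can put credential
     * contents into trace files; restrict access to trace output accordingly or use
     * {@link #getSensitiveHashtable(Set, String[])}, which does not trace.
     *
     * @param set the credential set to scan
     * @param strArr the keys to look for
     * @return the first matching hashtable, or {@code null}
     */
    /* JADX INFO: Access modifiers changed from: private */
    public Hashtable<String, ?> getHashtable(Set<Object> set, String[] strArr) {
        int i = 0;
        for (Object obj : set) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Object[" + i + "] in credential list: " + obj, new Object[0]);
            }
            if (obj instanceof Hashtable) {
                for (String str : strArr) {
                    if (((Hashtable) obj).get(str) != null) {
                        return (Hashtable) obj;
                    }
                }
            }
            i++;
        }
        return null;
    }

    /**
     * Returns a {@link GSSCredential} for the subject.
     *
     * <p>A credential already stored among the private credentials is preferred. Otherwise, if
     * the subject holds a {@link KerberosTicket}, a credential is created for that ticket's
     * client principal.
     *
     * @param subject the subject to inspect, may be {@code null}
     * @return the credential, or {@code null} when the subject is {@code null}, holds neither a
     *         GSS credential nor a Kerberos ticket, or credential creation fails
     */
    public static GSSCredential getGSSCredentialFromSubject(final Subject subject) {
        KerberosTicket kerberosTicketFromSubject;
        if (subject == null) {
            return null;
        }
        GSSCredential gSSCredential = (GSSCredential) AccessController.doPrivileged(new PrivilegedAction<GSSCredential>() { // from class: com.ibm.ws.security.authentication.utility.SubjectHelper.2
            static final long serialVersionUID = 1363074790083390286L;
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass2.class);

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public GSSCredential run() {
                GSSCredential gSSCredential2 = null;
                Set privateCredentials = subject.getPrivateCredentials(GSSCredential.class);
                if (privateCredentials != null) {
                    Iterator it = privateCredentials.iterator();
                    if (it.hasNext()) {
                        gSSCredential2 = (GSSCredential) it.next();
                    }
                }
                return gSSCredential2;
            }
        });
        if (gSSCredential == null && (kerberosTicketFromSubject = getKerberosTicketFromSubject(subject, null)) != null) {
            gSSCredential = createGSSCredential(subject, kerberosTicketFromSubject);
        }
        return gSSCredential;
    }

    /**
     * Returns a {@link KerberosTicket} from the subject's private credentials.
     *
     * <p>When {@code str} is {@code null} the first ticket is returned. When it is non-null,
     * only a ticket whose client principal name starts with {@code str} is returned; tickets
     * that do not match are skipped. Previously the prefix test had an empty body, so the first
     * ticket was returned whatever its principal, and the SPN checks built on this method
     * succeeded for any ticket.
     *
     * <p>The match is a plain prefix comparison, so callers should pass a prefix that is
     * specific enough (for example including the host and realm delimiter) to avoid matching a
     * longer, unrelated principal name.
     *
     * @param subject the subject to inspect, may be {@code null}
     * @param str required prefix of the client principal name, or {@code null} for no filter
     * @return the selected ticket, or {@code null} when none qualifies
     */
    private static KerberosTicket getKerberosTicketFromSubject(final Subject subject, final String str) {
        if (subject == null) {
            // Fail closed: no subject means no ticket, rather than a NullPointerException.
            return null;
        }
        return (KerberosTicket) AccessController.doPrivileged(new PrivilegedAction<KerberosTicket>() { // from class: com.ibm.ws.security.authentication.utility.SubjectHelper.3
            static final long serialVersionUID = -7146177311615792679L;
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass3.class);

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public KerberosTicket run() {
                Set<KerberosTicket> privateCredentials = subject.getPrivateCredentials(KerberosTicket.class);
                if (privateCredentials == null) {
                    return null;
                }
                for (KerberosTicket kerberosTicket : privateCredentials) {
                    if (str == null) {
                        return kerberosTicket;
                    }
                    // getClient() is null once a ticket has been destroyed; such a ticket
                    // cannot satisfy a principal-name filter.
                    if (kerberosTicket.getClient() != null && kerberosTicket.getClient().getName().startsWith(str)) {
                        return kerberosTicket;
                    }
                }
                return null;
            }
        });
    }

    /**
     * Reports whether the subject holds a Kerberos ticket whose client principal name starts
     * with the given prefix.
     *
     * @param subject the subject to inspect, may be {@code null}
     * @param str required prefix of the client principal name, or {@code null} to accept any ticket
     * @return {@code true} when a qualifying ticket is present
     */
    public static boolean isSpnTGTInSubject(Subject subject, String str) {
        return getKerberosTicketFromSubject(subject, str) != null;
    }

    /**
     * Reports whether the subject holds a qualifying Kerberos ticket that is still current.
     *
     * @param subject the subject to inspect, may be {@code null}
     * @param str required prefix of the client principal name, or {@code null} to accept any ticket
     * @return the ticket's {@link KerberosTicket#isCurrent()} answer, or {@code false} when no
     *         qualifying ticket is present
     */
    public static boolean isTGTInSubjectValid(Subject subject, String str) {
        KerberosTicket kerberosTicketFromSubject = getKerberosTicketFromSubject(subject, str);
        if (kerberosTicketFromSubject != null) {
            return kerberosTicketFromSubject.isCurrent();
        }
        return false;
    }

    /**
     * Creates a {@link GSSCredential} for the ticket's client principal, running as the subject.
     *
     * <p>A {@link GSSException} is recorded through FFDC and debug trace and then swallowed, so
     * a failure surfaces to the caller only as a {@code null} return.
     *
     * @param subject the subject to run the creation as
     * @param kerberosTicket the ticket whose client principal names the credential
     * @return the new credential, or {@code null} when the principal name is empty or creation fails
     */
    private static GSSCredential createGSSCredential(Subject subject, final KerberosTicket kerberosTicket) {
        return (GSSCredential) WSSubject.doAs(subject, new PrivilegedAction<Object>() { // from class: com.ibm.ws.security.authentication.utility.SubjectHelper.4
            static final long serialVersionUID = 8133146334442070446L;
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass4.class);

            @Override // java.security.PrivilegedAction
            public Object run() {
                GSSCredential gSSCredential = null;
                try {
                    String name = kerberosTicket.getClient().getName();
                    // 1.2.840.113554.1.2.2 is the Kerberos V5 GSS-API mechanism OID.
                    Oid oid = new Oid("1.2.840.113554.1.2.2");
                    if (name != null && name.length() > 0) {
                        GSSManager gSSManager = GSSManager.getInstance();
                        GSSName gSSName = gSSManager.createName(name, GSSName.NT_USER_NAME, oid).canonicalize(oid);
                        // Named constants carry the same values as the former literals
                        // (Integer.MAX_VALUE and 0).
                        gSSCredential = gSSManager.createCredential(gSSName, GSSCredential.INDEFINITE_LIFETIME, oid, GSSCredential.INITIATE_AND_ACCEPT);
                    }
                } catch (GSSException e) {
                    FFDCFilter.processException(e, "com.ibm.ws.security.authentication.utility.SubjectHelper$4", "250", this, new Object[0]);
                    if (SubjectHelper.tc.isDebugEnabled()) {
                        Tr.debug(SubjectHelper.tc, "getGSSCredential unexpected exception", e);
                    }
                }
                return gSSCredential;
            }
        });
    }

    /**
     * Finds a hashtable holding all of the given keys, searching the subject's public
     * credentials first and its private credentials second.
     *
     * <p>This is the variant for hashtables that hold secrets: the parameters and return value
     * are marked {@code @Sensitive} and the scan in {@link #getSensitiveHashtable(Set, String[])}
     * does not trace the objects it visits. The lookup runs inside {@code doPrivileged}, so the
     * private credential set is read with this class's permissions, not the caller's.
     *
     * @param subject the subject to search; must not be {@code null}
     * @param strArr the keys that must all be present in the hashtable
     * @return the first matching hashtable, or {@code null} when neither set holds one
     */
    @Sensitive
    public Hashtable<String, ?> getSensitiveHashtableFromSubject(@Sensitive final Subject subject, @Sensitive final String[] strArr) {
        return (Hashtable) AccessController.doPrivileged(new PrivilegedAction<Hashtable<String, ?>>() { // from class: com.ibm.ws.security.authentication.utility.SubjectHelper.5
            static final long serialVersionUID = -1290943062061820413L;
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass5.class);

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Hashtable<String, ?> run() {
                if (TraceComponent.isAnyTracingEnabled() && SubjectHelper.tc.isDebugEnabled()) {
                    Tr.debug(SubjectHelper.tc, "Looking for custom properties in public cred list.", new Object[0]);
                }
                Hashtable<String, ?> sensitiveHashtable = SubjectHelper.this.getSensitiveHashtable(subject.getPublicCredentials(), strArr);
                if (sensitiveHashtable != null) {
                    return sensitiveHashtable;
                }
                if (TraceComponent.isAnyTracingEnabled() && SubjectHelper.tc.isDebugEnabled()) {
                    Tr.debug(SubjectHelper.tc, "Looking for custom properties in private cred list.", new Object[0]);
                }
                // Falls through to null when the private set has no match either.
                return SubjectHelper.this.getSensitiveHashtable(subject.getPrivateCredentials(), strArr);
            }
        });
    }

    /**
     * Returns the first {@link Hashtable} in the set whose key set contains every given key.
     *
     * <p>Unlike {@link #getHashtable(Set, String[])}, which accepts a hashtable holding any one
     * key, this requires all keys and writes nothing to trace.
     *
     * @param set the credential set to scan
     * @param strArr the keys that must all be present
     * @return the first matching hashtable, or {@code null}
     */
    /* JADX INFO: Access modifiers changed from: private */
    @Trivial
    public Hashtable<String, ?> getSensitiveHashtable(Set<Object> set, String[] strArr) {
        ArrayList arrayList = new ArrayList();
        for (String str : strArr) {
            arrayList.add(str);
        }
        for (Object obj : set) {
            if ((obj instanceof Hashtable) && ((Hashtable) obj).keySet().containsAll(arrayList)) {
                return (Hashtable) obj;
            }
        }
        return null;
    }

    /**
     * Sets a JVM system property inside {@code doPrivileged} and returns its previous value.
     *
     * <p>NOTE(review): with debug trace enabled, both the previous and the new value are written
     * to trace, so this helper should not be used for properties that carry secrets.
     *
     * @param str the property name
     * @param str2 the new value
     * @return the previous value, or {@code null} when the property was not set
     */
    private static String setSystemProperty(final String str, final String str2) {
        String str3 = (String) AccessController.doPrivileged(new PrivilegedAction() { // from class: com.ibm.ws.security.authentication.utility.SubjectHelper.6
            static final long serialVersionUID = -7798008994906597697L;
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass6.class);

            @Override // java.security.PrivilegedAction
            public String run() {
                String property = System.getProperty(str);
                System.setProperty(str, str2);
                return property;
            }
        });
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, str + " property previous: " + (str3 != null ? str3 : "<null>") + " and now: " + str2, new Object[0]);
        }
        return str3;
    }
}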
