package com.ibm.ws.security.authentication.jaas.modules;

import com.ibm.ejs.ras.TraceNLS;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.AccessIdUtil;
import com.ibm.ws.security.authentication.AuthenticationConstants;
import com.ibm.ws.security.authentication.AuthenticationException;
import com.ibm.ws.security.authentication.AuthenticationService;
import com.ibm.ws.security.authentication.internal.jaas.modules.ServerCommonLoginModule;
import com.ibm.ws.security.authentication.utility.SubjectHelper;
import com.ibm.ws.security.registry.EntryNotFoundException;
import com.ibm.ws.security.registry.RegistryException;
import com.ibm.ws.security.registry.UserRegistry;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import com.ibm.wsspi.security.token.SingleSignonToken;
import java.io.IOException;
import java.security.Principal;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

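/**
 * JAAS login module that authenticates from a {@link Hashtable} of credential
 * properties instead of from callbacks (hence {@link #getRequiredCallbacks}
 * returns {@code null}).
 *
 * <p>The hashtable is taken from {@code sharedState} under
 * {@code WSCREDENTIAL_PROPERTIES_KEY}; if absent there it is extracted from the
 * incoming {@link Subject} via {@link SubjectHelper} and published back into
 * {@code sharedState} for later modules. Three login shapes are recognised, in
 * this priority order:
 * <ol>
 *   <li>{@code userId} + {@code password}: verified against the
 *       {@link UserRegistry} with {@code checkPassword}.</li>
 *   <li>{@code uniqueId} + {@code securityName}: accepted as an <em>identity
 *       assertion</em>. No registry lookup and no password check is performed,
 *       so whatever code populates the hashtable is inside the trust boundary.</li>
 *   <li>{@code userId} only: accepted without a password, but only when the
 *       {@link AuthenticationService} is configured to allow hashtable login with
 *       id only, or the subject carries the internal assertion marker
 *       ({@code AuthenticationConstants.INTERNAL_ASSERTION_KEY}).</li>
 * </ol>
 *
 * <p>Security notes for reviewers: the password is handled as a {@link String}
 * and cannot be zeroed after use; it must never be written to FFDC or trace.
 * When the uniqueId+securityName shape is used, the whole property hashtable is
 * stored in the temporary subject's private credentials, so any extra entries in
 * it (including a password key, if the caller supplied one without a userId)
 * travel with the subject.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.authentication.builtin_1.0.16.jar:com/ibm/ws/security/authentication/jaas/modules/HashtableLoginModule.class */
public class HashtableLoginModule extends ServerCommonLoginModule implements LoginModule {
    private static final TraceComponent tc = Tr.register(HashtableLoginModule.class);
    /** Value of the {@code com.ibm.wsspi.security.cred.cacheKey} property; null when absent or empty. */
    private Object customCacheKey = null;
    private String uniqueUserId = null;
    private String username = null;
    /** Name returned by {@code UserRegistry.checkPassword}; only set on the id+password path. */
    private String urAuthenticatedId = null;
    /** Realm supplied in the hashtable, if any; propagated into the SSO token on commit. */
    private String customRealm = null;
    /** Keys that are collected from the Subject when no hashtable is found in sharedState. */
    private final String[] hashtableLoginProperties = {AttributeNameConstants.WSCREDENTIAL_UNIQUEID, AttributeNameConstants.WSCREDENTIAL_USERID, AttributeNameConstants.WSCREDENTIAL_SECURITYNAME, AttributeNameConstants.WSCREDENTIAL_REALM, "com.ibm.wsspi.security.cred.cacheKey", AuthenticationConstants.INTERNAL_ASSERTION_KEY};
    // Exactly one of these three is set once login() has committed to a shape;
    // commit() uses them to decide whether this module produced an identity.
    private boolean uniquedIdAndSecurityNameLogin = false;
    private boolean useIdAndPasswordLogin = false;
    private boolean userIdNoPasswordLogin = false;
    private Hashtable<String, ?> customProperties = null;
    /** True when the hashtable was read from the Subject rather than from sharedState. */
    private boolean customPropertiesFromSubject = false;
    static final long serialVersionUID = -965748211021475051L;

    /**
     * This module never prompts; it reads everything from the hashtable.
     *
     * @return {@code null}, meaning no callbacks are required
     */
    @Override // com.ibm.ws.security.authentication.internal.jaas.modules.ServerCommonLoginModule
    public Callback[] getRequiredCallbacks(CallbackHandler callbackHandler) throws IOException, UnsupportedCallbackException {
        return null;
    }

    /**
     * Phase-one login. Locates the property hashtable and dispatches to the
     * handler for the first login shape whose inputs are present.
     *
     * @return {@code true} when this module authenticated the caller;
     *         {@code false} (abstain) when another module already processed the
     *         login, no hashtable exists, or the hashtable lacks a usable shape
     * @throws LoginException if the chosen handler fails (see the handle* methods)
     */
    public boolean login() throws LoginException {
        if (isAlreadyProcessed()) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Already processed by other login module, abstaining.", new Object[0]);
            }
            return false;
        }
        this.customProperties = (Hashtable) this.sharedState.get(AttributeNameConstants.WSCREDENTIAL_PROPERTIES_KEY);
        if (this.customProperties == null && this.subject != null) {
            this.customProperties = new SubjectHelper().getHashtableFromSubject(this.subject, this.hashtableLoginProperties);
            if (this.customProperties != null) {
                this.customPropertiesFromSubject = true;
                // Publish for downstream modules so they see the same properties.
                this.sharedState.put(AttributeNameConstants.WSCREDENTIAL_PROPERTIES_KEY, this.customProperties);
            }
        }
        if (this.customProperties == null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "No Hashtable could be found, abstaining.", new Object[0]);
            }
            return false;
        }
        this.customCacheKey = getCustomCacheKey(this.customProperties);
        this.customRealm = (String) this.customProperties.get(AttributeNameConstants.WSCREDENTIAL_REALM);
        // NOTE(review): these casts throw ClassCastException (unchecked, not a
        // LoginException) if a caller stores a non-String under any of these keys.
        String uniqueId = (String) this.customProperties.get(AttributeNameConstants.WSCREDENTIAL_UNIQUEID);
        String securityName = (String) this.customProperties.get(AttributeNameConstants.WSCREDENTIAL_SECURITYNAME);
        String userId = (String) this.customProperties.get(AttributeNameConstants.WSCREDENTIAL_USERID);
        String password = (String) this.customProperties.get(AttributeNameConstants.WSCREDENTIAL_PASSWORD);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled() && userId != null && uniqueId != null && securityName != null) {
            Tr.debug(tc, "The userId is set in addition to uniqueId and securityName. Only the uniqueId and securityName will be used to create the subject.", new Object[0]);
        }
        // Priority: verified password login first, then asserted identity, then id-only.
        if (userId != null && password != null) {
            return handleUserIdAndPassword(userId, password);
        }
        if (uniqueId != null && securityName != null) {
            return handleUniquedIdAndSecurityName(uniqueId, securityName, this.customProperties);
        }
        if (userId != null && allowLoginWithIdOnly(this.customProperties)) {
            return handleUserId(userId);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Not enough information in Hashtable to continue, abstaining.", new Object[0]);
        }
        return false;
    }

    /**
     * Decides whether a password-less userId login may proceed.
     *
     * <p>Allowed when the {@link AuthenticationService} is configured for it, or
     * when the internal assertion marker is present. If the hashtable came from the
     * Subject, the marker's value (a {@link Boolean}) is read from that hashtable;
     * otherwise the mere presence of a non-empty marker hashtable on the Subject is
     * enough. In both cases the marker and the userId key are stripped from the
     * Subject's public credentials so they are not carried forward.
     *
     * @param hashtable the property hashtable found by {@link #login()}
     * @return {@code true} if id-only login is permitted
     */
    private boolean allowLoginWithIdOnly(Hashtable<String, ?> hashtable) {
        AuthenticationService authenticationService = getAuthenticationService();
        if (authenticationService != null && authenticationService.isAllowHashTableLoginWithIdOnly().booleanValue()) {
            return true;
        }
        boolean allowed = false;
        if (this.customPropertiesFromSubject) {
            Object marker = hashtable.get(AuthenticationConstants.INTERNAL_ASSERTION_KEY);
            // Fail closed: anything other than Boolean.TRUE (missing, FALSE, or a
            // value of an unexpected type) denies id-only login.
            allowed = Boolean.TRUE.equals(marker);
            removeInternalAssertionHashtable(hashtable);
        } else {
            Hashtable<String, ?> markerTable = this.subjectHelper.getHashtableFromSubject(this.subject, new String[]{AuthenticationConstants.INTERNAL_ASSERTION_KEY});
            if (markerTable != null && !markerTable.isEmpty()) {
                allowed = true;
                removeInternalAssertionHashtable(markerTable);
            }
        }
        return allowed;
    }

    /**
     * userId-only login: resolves the unique id from the registry without any
     * password check, then builds the temporary subject.
     *
     * @param userId the asserted user id
     * @return {@code true} on success; {@code false} if the registry returns no unique id
     * @throws AuthenticationException if the user is unknown (audited as BADUSER)
     *         or the registry lookup fails
     */
    private boolean handleUserId(String userId) throws AuthenticationException {
        setAlreadyProcessed();
        this.userIdNoPasswordLogin = true;
        try {
            String resolvedUniqueId = getUserRegistry().getUniqueUserId(userId);
            if (resolvedUniqueId == null) {
                return false;
            }
            this.username = userId;
            this.uniqueUserId = resolvedUniqueId;
            setUpTemporarySubject();
            updateSharedState();
            return true;
        } catch (EntryNotFoundException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.authentication.jaas.modules.HashtableLoginModule", "186", this, new Object[]{userId});
            Tr.audit(tc, "JAAS_AUTHENTICATION_FAILED_BADUSER", userId);
            throw new AuthenticationException(e.getLocalizedMessage(), e);
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.authentication.jaas.modules.HashtableLoginModule", "189", this, new Object[]{userId});
            throw new AuthenticationException(e2.getLocalizedMessage(), e2);
        }
    }

    /**
     * userId + password login, verified against the {@link UserRegistry}.
     *
     * @param userId   the user id to check
     * @param password the cleartext password; never logged or passed to FFDC
     * @return {@code true} on success
     * @throws AuthenticationException on a bad user/password (audited as
     *         BADUSERPWD) or any registry failure
     */
    @FFDCIgnore({AuthenticationException.class})
    private boolean handleUserIdAndPassword(String userId, String password) throws AuthenticationException, LoginException {
        try {
            setAlreadyProcessed();
            this.useIdAndPasswordLogin = true;
            UserRegistry userRegistry = getUserRegistry();
            this.urAuthenticatedId = userRegistry.checkPassword(userId, password);
            if (this.urAuthenticatedId == null) {
                Tr.audit(tc, "JAAS_AUTHENTICATION_FAILED_BADUSERPWD", userId);
                throw new AuthenticationException(TraceNLS.getFormattedMessage(getClass(), "com.ibm.ws.security.authentication.internal.resources.AuthenticationMessages", "JAAS_AUTHENTICATION_FAILED_BADUSERPWD", new Object[]{userId}, "CWWKS1100I: Authentication failed for the userid {0}. A bad userid and/or password was specified."));
            }
            this.username = getSecurityName(userId, this.urAuthenticatedId);
            this.uniqueUserId = userRegistry.getUniqueUserId(this.urAuthenticatedId);
            setUpTemporarySubject();
            updateSharedState();
            return true;
        } catch (AuthenticationException e) {
            throw e;
        } catch (Exception e2) {
            // Only the user id goes into the FFDC incident data; the password must
            // not be written to diagnostic logs.
            FFDCFilter.processException(e2, "com.ibm.ws.security.authentication.jaas.modules.HashtableLoginModule", "229", this, new Object[]{userId});
            throw new AuthenticationException(e2.getLocalizedMessage(), e2);
        }
    }

    /**
     * uniqueId + securityName login: an identity assertion. No registry
     * verification is performed; the caller's values are used directly to build
     * the principal and credentials. The whole property hashtable is attached to
     * the temporary subject as a private credential.
     *
     * @param uniqueId     asserted unique id; if it is not already a user access id
     *                     one is built as {@code user:<realm>/<securityName>}
     * @param securityName asserted security name
     * @param hashtable    the full property hashtable
     * @return {@code true} on success
     * @throws AuthenticationException if subject construction fails
     */
    private boolean handleUniquedIdAndSecurityName(String uniqueId, String securityName, Hashtable<String, ?> hashtable) throws AuthenticationException {
        setAlreadyProcessed();
        this.temporarySubject = new Subject();
        this.temporarySubject.getPrivateCredentials().add(hashtable);
        this.uniquedIdAndSecurityNameLogin = true;
        this.uniqueUserId = uniqueId;
        this.username = securityName;
        String accessId = uniqueId;
        try {
            if (!AccessIdUtil.isUserAccessId(accessId)) {
                accessId = AccessIdUtil.createAccessId("user", getRealm(hashtable), this.username);
            }
            setPrincipalAndCredentials(this.temporarySubject, this.username, null, accessId, "hashtable");
            addJaspicPrincipal(this.temporarySubject);
            updateSharedState();
            return true;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.authentication.jaas.modules.HashtableLoginModule", "259", this, new Object[]{uniqueId, securityName, hashtable});
            throw new AuthenticationException(e.getLocalizedMessage(), e);
        }
    }

    /**
     * Resolves the realm for an asserted identity: the hashtable's realm, else the
     * realm embedded in the unique id, else the registry's realm, else the literal
     * {@code "defaultRealm"}. A registry failure is recorded via FFDC and falls
     * through to the default rather than failing the login.
     *
     * @param hashtable the property hashtable (FFDC context only)
     * @return a non-null realm name
     */
    private String getRealm(Hashtable<String, ?> hashtable) {
        String realm = this.customRealm;
        if (realm != null) {
            return realm;
        }
        realm = AccessIdUtil.getRealm(this.uniqueUserId);
        if (realm == null) {
            try {
                realm = getUserRegistry().getRealm();
            } catch (RegistryException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.authentication.jaas.modules.HashtableLoginModule", "278", this, new Object[]{hashtable});
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "getUserRegistry() caught an exception: " + e.getMessage(), new Object[0]);
                }
            }
        }
        return realm == null ? "defaultRealm" : realm;
    }

    /**
     * If the hashtable carries a JASPIC principal, attaches it to the first
     * {@link WSCredential} on the subject and to the subject's principal set.
     *
     * @param subject the temporary subject being built
     * @throws Exception propagated from {@code WSCredential.set}
     */
    private void addJaspicPrincipal(Subject subject) throws Exception {
        Principal jaspicPrincipal = (Principal) this.customProperties.get("com.ibm.wsspi.security.cred.jaspi.principal");
        if (jaspicPrincipal == null) {
            return;
        }
        Iterator it = subject.getPublicCredentials(WSCredential.class).iterator();
        if (it.hasNext()) {
            WSCredential credential = (WSCredential) it.next();
            if (credential != null) {
                credential.set("com.ibm.wsspi.security.cred.jaspi.principal", jaspicPrincipal);
            }
        }
        subject.getPrincipals().add(jaspicPrincipal);
    }

    /**
     * Builds the temporary subject for the registry-backed paths (id+password and
     * id-only), using the registry's realm for the access id.
     */
    private void setUpTemporarySubject() throws Exception {
        this.temporarySubject = new Subject();
        setPrincipalAndCredentials(this.temporarySubject, this.username, this.urAuthenticatedId, AccessIdUtil.createAccessId("user", getUserRegistry().getRealm(), this.uniqueUserId), "hashtable");
        addJaspicPrincipal(this.temporarySubject);
    }

    /**
     * Reads the custom cache key, treating an empty String the same as absent.
     *
     * @return the key object, or {@code null}; may be a non-String object
     */
    private Object getCustomCacheKey(Hashtable<String, ?> hashtable) {
        Object key = hashtable.get("com.ibm.wsspi.security.cred.cacheKey");
        if (key instanceof String && ((String) key).isEmpty()) {
            return null;
        }
        return key;
    }

    /**
     * Phase-two commit. Abstains unless {@link #login()} produced an identity or a
     * custom cache key; otherwise finalises the subject and, when an SSO token is
     * present, records the custom cache key and custom realm on it.
     *
     * @return {@code true} if this module participated, {@code false} to abstain
     */
    @Override // com.ibm.ws.security.jaas.common.modules.CommonLoginModule
    public boolean commit() throws LoginException {
        boolean authenticated = this.uniquedIdAndSecurityNameLogin || this.useIdAndPasswordLogin || this.userIdNoPasswordLogin;
        if (this.customCacheKey == null && !authenticated) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                Tr.event(tc, "Authentication did not occur for this login module, abstaining.", new Object[0]);
            }
            return false;
        }
        if (authenticated) {
            setUpSubject();
        }
        if (this.customCacheKey == null && this.customRealm == null) {
            return true;
        }
        SingleSignonToken ssoToken = getSSOToken(this.subject);
        if (ssoToken == null) {
            return true;
        }
        if (this.customCacheKey != null) {
            // The token attribute is a String; a non-String key is left off the
            // token instead of failing commit with a ClassCastException.
            if (this.customCacheKey instanceof String) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Add custom cache key into SSOToken", new Object[0]);
                }
                ssoToken.addAttribute("com.ibm.wsspi.security.cred.cacheKey", (String) this.customCacheKey);
            } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Custom cache key is not a String; not added to SSOToken", new Object[0]);
            }
        }
        if (this.customRealm != null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Add custom realm into SSOToken", new Object[0]);
            }
            ssoToken.addAttribute(AttributeNameConstants.WSCREDENTIAL_REALM, this.customRealm);
        }
        return true;
    }

    @Override // com.ibm.ws.security.jaas.common.modules.CommonLoginModule
    public boolean abort() {
        return cleanup();
    }

    @Override // com.ibm.ws.security.jaas.common.modules.CommonLoginModule
    public boolean logout() {
        return cleanup();
    }

    /** Drops identity state held by this module; the login-shape flags are not reset here. */
    private boolean cleanup() {
        cleanUpSubject();
        this.customCacheKey = null;
        this.username = null;
        this.uniqueUserId = null;
        this.urAuthenticatedId = null;
        return true;
    }

    /**
     * Strips the internal assertion marker and the userId from the given hashtable
     * and re-publishes it in the Subject's public credentials only if it still
     * holds other entries.
     */
    private void removeInternalAssertionHashtable(Hashtable<String, ?> hashtable) {
        Set<Object> publicCredentials = this.subject.getPublicCredentials();
        publicCredentials.remove(hashtable);
        hashtable.remove(AuthenticationConstants.INTERNAL_ASSERTION_KEY);
        hashtable.remove(AttributeNameConstants.WSCREDENTIAL_USERID);
        if (!hashtable.isEmpty()) {
            publicCredentials.add(hashtable);
        }
    }
}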
