package com.ibm.ws.naming.util;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.common.util.AuditConstants;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.util.StringUtils;
import com.ibm.wsspi.security.token.WSSecurityPropagationHelper;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.naming.AuthenticationException;
import javax.naming.NamingException;
import javax.security.auth.Subject;

/* loaded from: input_file:WEB-INF/lib/admin-8.5.0.jar:com/ibm/ws/naming/util/SecurityUtil.class */
/**
 * Static helpers that create, fetch and install security {@link Subject}s.
 *
 * <p>Each helper runs the underlying security call through
 * {@code com.ibm.ws.security.util.AccessController.doPrivileged} and reports
 * failures as {@code javax.naming} exceptions with the original cause chained.
 *
 * <p>NOTE(review): all entry points are public statics that run a privileged
 * action on caller-supplied arguments. If the IBM {@code AccessController}
 * behaves like {@code java.security.AccessController} (not visible in this
 * file; confirm), permission checks made inside the action are evaluated
 * against this class's protection domain rather than the caller's. Confirm
 * that every caller is trusted, or that a permission check happens before the
 * privileged block.
 */
public final class SecurityUtil {
    private static final TraceComponent _tc = Tr.register((Class<?>) SecurityUtil.class, C.TRACE_GROUP_NAME, C.WSN_RSRC_BUNDLE);
    private static final String CLASS_NAME;
    private static ContextManager _secCtxMgr;

    static {
        if (_tc.isDebugEnabled()) {
            Tr.debug(_tc, "SOURCE CODE INFO: SERV1/ws/code/naming.client/src/com/ibm/ws/naming/util/SecurityUtil.java, WAS.naming.client, WAS855.SERV1, cf071531.02, ver. 1.5");
        }
        CLASS_NAME = SecurityUtil.class.getName();
        // The ContextManager is resolved lazily by getSecurityContextManager().
        _secCtxMgr = null;
    }

    /** Not instantiable: the class only exposes static helpers. */
    private SecurityUtil() {
    }

    /**
     * Returns the security {@link ContextManager}, fetching it from
     * {@link ContextManagerFactory#getInstance()} on first use and caching it.
     *
     * <p>The method is {@code synchronized}, so the check and the assignment of
     * the cached reference happen under the class lock.
     *
     * @return the cached ContextManager (whatever the factory returned)
     */
    public static synchronized ContextManager getSecurityContextManager() {
        if (_secCtxMgr != null) {
            return _secCtxMgr;
        }
        _secCtxMgr = ContextManagerFactory.getInstance();
        if (_tc.isEventEnabled()) {
            Tr.event(_tc, "getSecurityContextManager", "saving security ContextManager");
        }
        return _secCtxMgr;
    }

    /**
     * Builds a basic-auth {@link Subject} by calling
     * {@code SubjectHelper.createBasicAuthSubject(realm, user, credentials)}
     * inside a privileged action.
     *
     * @param str  the principal; realm and user are derived from it with
     *             {@code WSSecurityPropagationHelper.getRealmFromUniqueID} and
     *             {@code getUserFromUniqueID}
     * @param str2 the credentials; passed through
     *             {@code StringUtils.maskPassword} before being traced
     * @return the Subject returned by {@code SubjectHelper}
     * @throws NamingException an {@link AuthenticationException} wrapping any
     *                         {@link Throwable} raised while building the Subject
     */
    public static Subject createBasicAuthSubject(String str, final String str2) throws NamingException {
        final String methodName = "createBasicAuthSubject";
        if (_tc.isEntryEnabled()) {
            Tr.entry(_tc, methodName, new String[]{"principal=" + str, "credentials=" + StringUtils.maskPassword(str2)});
        }
        final String realm = WSSecurityPropagationHelper.getRealmFromUniqueID(str);
        final String user = WSSecurityPropagationHelper.getUserFromUniqueID(str);
        if (_tc.isDebugEnabled()) {
            Tr.debug(_tc, methodName, new String[]{"realm=" + realm, "user=" + user});
        }
        try {
            PrivilegedAction<Subject> buildSubject = new PrivilegedAction<Subject>() {
                @Override
                public Subject run() {
                    return SubjectHelper.createBasicAuthSubject(realm, user, str2);
                }
            };
            Subject created = (Subject) AccessController.doPrivileged(buildSubject);
            // NOTE(review): the Subject is handed to the trace facility as-is; what is
            // written depends on the toString() of the Subject and its credentials.
            // Confirm no credential material is rendered into the trace.
            if (_tc.isEntryEnabled()) {
                Tr.exit(_tc, methodName, created);
            }
            return created;
        } catch (Throwable th) {
            // Catches Errors as well as runtime exceptions, including anything thrown
            // by the exit trace above; all of it is reported as an authentication failure.
            RasUtil.logException(th, _tc, CLASS_NAME, methodName, "123");
            // The message embeds the cause's toString() in addition to chaining it.
            AuthenticationException failure = new AuthenticationException("SubjectHelper.createBasicAuthSubject failed: " + th);
            failure.initCause(th);
            if (_tc.isEntryEnabled()) {
                Tr.exit(_tc, methodName, failure);
            }
            throw failure;
        }
    }

    /**
     * Logs in through {@link #getSecurityContextManager()} by calling
     * {@code login(realm, user, credentials)} inside a privileged action.
     *
     * @param str  the principal; realm and user are derived from it with
     *             {@code WSSecurityPropagationHelper.getRealmFromUniqueID} and
     *             {@code getUserFromUniqueID}
     * @param str2 the credentials; passed through
     *             {@code StringUtils.maskPassword} before being traced
     * @return the Subject returned by the ContextManager login
     * @throws NamingException an {@link AuthenticationException} wrapping the
     *                         {@link WSLoginFailedException} raised by the login
     */
    public static Subject login(String str, final String str2) throws NamingException {
        final String methodName = AuditConstants.LOGIN;
        if (_tc.isEntryEnabled()) {
            Tr.entry(_tc, methodName, new String[]{"principal=" + str, "credentials=" + StringUtils.maskPassword(str2)});
        }
        final String realm = WSSecurityPropagationHelper.getRealmFromUniqueID(str);
        final String user = WSSecurityPropagationHelper.getUserFromUniqueID(str);
        if (_tc.isDebugEnabled()) {
            Tr.debug(_tc, methodName, new String[]{"realm=" + realm, "user=" + user});
        }
        PrivilegedExceptionAction<Subject> doLogin = new PrivilegedExceptionAction<Subject>() {
            @Override
            public Subject run() throws WSLoginFailedException {
                return SecurityUtil.getSecurityContextManager().login(realm, user, str2);
            }
        };
        Subject authenticated;
        try {
            authenticated = (Subject) AccessController.doPrivileged(doLogin);
        } catch (PrivilegedActionException e) {
            // run() declares only WSLoginFailedException, hence the unconditional cast.
            WSLoginFailedException cause = (WSLoginFailedException) e.getException();
            RasUtil.logException(cause, _tc, CLASS_NAME, methodName, "172");
            // The message embeds the cause's toString() in addition to chaining it.
            AuthenticationException failure = new AuthenticationException("Login failed: " + cause);
            failure.initCause(cause);
            if (_tc.isEntryEnabled()) {
                Tr.exit(_tc, methodName, failure);
            }
            throw failure;
        }
        // NOTE(review): the Subject is traced as-is; confirm its toString() does not
        // render credential material.
        if (_tc.isEntryEnabled()) {
            Tr.exit(_tc, methodName, authenticated);
        }
        return authenticated;
    }

    /**
     * Returns the result of {@code WSSubject.getRunAsSubject()}, obtained
     * inside a privileged action.
     *
     * @return the Subject returned by {@code WSSubject.getRunAsSubject()}
     * @throws NamingException wrapping the {@link WSSecurityException} raised
     *                         by the lookup
     */
    public static Subject getRunAsSubject() throws NamingException {
        final String methodName = "getRunAsSubject";
        if (_tc.isEntryEnabled()) {
            Tr.entry(_tc, methodName);
        }
        PrivilegedExceptionAction<Subject> fetch = new PrivilegedExceptionAction<Subject>() {
            @Override
            public Subject run() throws WSSecurityException {
                return WSSubject.getRunAsSubject();
            }
        };
        Subject current;
        try {
            current = (Subject) AccessController.doPrivileged(fetch);
        } catch (PrivilegedActionException e) {
            // run() declares only WSSecurityException, hence the unconditional cast.
            WSSecurityException cause = (WSSecurityException) e.getException();
            RasUtil.logException(cause, _tc, CLASS_NAME, methodName, "207");
            NamingException failure = new NamingException("WSSubject.getRunAsSubject failed: " + cause);
            failure.initCause(cause);
            if (_tc.isEntryEnabled()) {
                Tr.exit(_tc, methodName, failure);
            }
            throw failure;
        }
        if (_tc.isEntryEnabled()) {
            Tr.exit(_tc, methodName, current);
        }
        return current;
    }

    /**
     * Passes {@code subject} to {@code WSSubject.setRunAsSubject} inside a
     * privileged action.
     *
     * <p>NOTE(review): the Subject comes straight from the caller and is
     * installed without any check in this method; confirm callers are
     * restricted to trusted code.
     *
     * @param subject the Subject handed to {@code WSSubject.setRunAsSubject}
     * @throws NamingException wrapping the {@link WSSecurityException} raised
     *                         by the call
     */
    public static void setRunAsSubject(final Subject subject) throws NamingException {
        final String methodName = "setRunAsSubject";
        if (_tc.isEntryEnabled()) {
            Tr.entry(_tc, methodName, "subject=" + subject);
        }
        PrivilegedExceptionAction<Object> install = new PrivilegedExceptionAction<Object>() {
            @Override
            public Object run() throws WSSecurityException {
                WSSubject.setRunAsSubject(subject);
                return null;
            }
        };
        try {
            AccessController.doPrivileged(install);
        } catch (PrivilegedActionException e) {
            // run() declares only WSSecurityException, hence the unconditional cast.
            WSSecurityException cause = (WSSecurityException) e.getException();
            RasUtil.logException(cause, _tc, CLASS_NAME, methodName, "242");
            NamingException failure = new NamingException("WSSubject.setRunAsSubject failed: " + cause);
            failure.initCause(cause);
            if (_tc.isEntryEnabled()) {
                Tr.exit(_tc, methodName, failure);
            }
            throw failure;
        }
        if (_tc.isEntryEnabled()) {
            Tr.exit(_tc, methodName);
        }
    }
}
