package com.ibm.ISecurityUtilityImpl;

import com.ibm.CSIv2Security.LTPAMechOID;
import com.ibm.CSIv2Security.RSAPropMechOID;
import com.ibm.ISecurityLocalObjectBaseL13Impl.VaultImpl;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.OID;
import com.ibm.ISecurityLocalObjectGSSUPImpl.WSSecurityContextImpl;
import com.ibm.ISecurityLocalObjectTokenBaseImpl.Krb5WSSecurityContextImpl;
import com.ibm.ISecurityLocalObjectTokenBaseImpl.WSSecurityContextAdminRSAPropImpl;
import com.ibm.ISecurityLocalObjectTokenBaseImpl.WSSecurityContextLTPAImpl;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.websphere.security.auth.WSSecurityContext;
import com.ibm.ws.security.config.CSIv2Config;
import com.ibm.ws.security.config.SecurityObjectLocator;
import org.omg.CSI.KRB5MechOID;
import org.omg.GSSUP.GSSUPMechOID;

/* loaded from: input_file:WEB-INF/lib/admin-8.5.0.jar:com/ibm/ISecurityUtilityImpl/WSSecurityContextFactory.class */
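/**
 * Factory that maps an authentication mechanism OID to a {@link WSSecurityContext}
 * implementation.
 *
 * <p>An OID is only honoured when {@link #verifyOid(String)} accepts it. The accepted set is:
 * GSSUP, the OID derived from the {@code com.ibm.CORBA.authenticationTarget} setting, RSA
 * property tokens, the configured active authentication mechanism, and LTPA when
 * {@code com.ibm.websphere.security.krb.allowLTPAAuth} is true.
 *
 * <p>{@link #getInstance()} builds a new factory on every call; the factory is not a cached
 * singleton.
 */
public final class WSSecurityContextFactory {
    private static final TraceComponent tc = Tr.register((Class<?>) WSSecurityContextFactory.class, "SASRas", "com.ibm.ISecurityL13SupportImpl.sec");

    /** OID of the configured authentication target, resolved once at construction. */
    private final String configuredOID;

    /**
     * Creates a factory bound to the current CSIv2 configuration.
     *
     * @return a new factory instance
     */
    public static WSSecurityContextFactory getInstance() {
        return new WSSecurityContextFactory();
    }

    /**
     * Creates the security context implementation for the given mechanism OID.
     *
     * <p>The configured active mechanism is checked first and instantiated reflectively from the
     * configured class name; the built-in GSSUP, LTPA, RSA property and KRB5 mechanisms follow.
     *
     * @param str the mechanism OID requested
     * @return a new context, or {@code null} when the OID is rejected by
     *     {@link #verifyOid(String)}, has no matching implementation, or the configured class
     *     cannot be loaded or instantiated
     */
    public WSSecurityContext createContext(String str) {
        CSIv2Config config = SecurityObjectLocator.getCSIv2Config();
        boolean ltpaAllowed = config.getBoolean("com.ibm.websphere.security.krb.allowLTPAAuth");
        if (tc.isDebugEnabled()) {
            // NOTE(review): str is written to the trace unescaped. If it can originate from a
            // remote peer, confirm the trace writer neutralises line breaks.
            Tr.debug(tc, "OID = " + str + " ltpaSupported = " + ltpaAllowed);
        }
        if (!verifyOid(str)) {
            return null;
        }
        if (OID.compareOIDs(str, config.getString(CSIv2Config.ACTIVE_AUTH_MECH_OID))) {
            try {
                // asSubclass rejects a class that is not a WSSecurityContext before its
                // constructor runs, so a wrong class name in the configuration is never
                // instantiated. The resulting ClassCastException is handled below exactly like
                // the one the post-construction cast used to raise.
                Class<? extends WSSecurityContext> mechClass =
                        Class.forName(config.getString(CSIv2Config.ACTIVE_AUTH_MECH_CLASS)).asSubclass(WSSecurityContext.class);
                WSSecurityContext context = mechClass.newInstance();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Instantiating WSSecurityContext instance: " + config.getString(CSIv2Config.ACTIVE_AUTH_MECH_CLASS));
                }
                return context;
            } catch (Exception e) {
                // Load, type-check and construction failures are recorded and reported to the
                // caller as "no context" rather than propagated.
                Manager.Ffdc.log(e, this, "com.ibm.ISecurityUtilityImpl.WSSecurityContextFactory.createContext", "85", this);
                Tr.error(tc, "security.JSAS0438E", new Object[]{config.getString(CSIv2Config.ACTIVE_AUTH_MECH_CLASS), e.toString(), e});
                return null;
            }
        }
        if (OID.compareOIDs(str, GSSUPMechOID.value)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Instantiating GSSUP WSSecurityContext instance: com.ibm.ISecurityLocalObjectGSSUPImpl.WSSecurityContextImpl");
            }
            return new WSSecurityContextImpl();
        }
        // LTPA is only served when the allowLTPAAuth flag is set, even if verifyOid accepted
        // the OID through another rule.
        if (OID.compareOIDs(str, LTPAMechOID.value) && ltpaAllowed) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Instantiating LTPA WSSecurityContext instance: com.ibm.ISecurityLocalObjectTokenBaseImpl.WSSecurityContextLTPAImpl");
            }
            return new WSSecurityContextLTPAImpl();
        }
        if (OID.compareOIDs(str, RSAPropMechOID.value)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Instantiating AdminPropToken WSSecurityContext instance: com.ibm.ISecurityLocalObjectTokenBaseImpl.WSSecurityContextAdminRSAPropImpl");
            }
            return new WSSecurityContextAdminRSAPropImpl();
        }
        if (!OID.compareOIDs(str, KRB5MechOID.value)) {
            // NOTE(review): this failure carries an error-style message id but is written at
            // debug level and, unlike the other trace calls, without an isDebugEnabled() guard.
            // Left as found; confirm the intended level.
            Tr.debug(tc, "JSAS0625E: Cannot instantiate WSSecurityContext instance for OID: " + str);
            return null;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Instantiating KRB5 WSSecurityContext instance: com.ibm.ISecurityLocalObjectTokenBaseImpl.Krb5WSSecurityContextImpl");
        }
        return new Krb5WSSecurityContextImpl();
    }

    /**
     * Resolves the OID of the configured authentication target from the
     * {@code com.ibm.CORBA.authenticationTarget} setting.
     */
    private WSSecurityContextFactory() {
        this.configuredOID = VaultImpl.getAuthenticationTarget().authTargetToOid(SecurityObjectLocator.getCSIv2Config().getInteger("com.ibm.CORBA.authenticationTarget"));
    }

    /**
     * Decides whether a mechanism OID may be used to create a context.
     *
     * @param str the mechanism OID requested
     * @return {@code true} for GSSUP, the configured authentication target, RSA property
     *     tokens, the configured active mechanism, and LTPA when allowLTPAAuth is true;
     *     {@code false} otherwise
     */
    private boolean verifyOid(String str) {
        CSIv2Config config = SecurityObjectLocator.getCSIv2Config();
        boolean ltpaAllowed = config.getBoolean("com.ibm.websphere.security.krb.allowLTPAAuth");
        if (OID.compareOIDs(str, GSSUPMechOID.value) || OID.compareOIDs(str, this.configuredOID)) {
            return true;
        }
        if ((OID.compareOIDs(str, LTPAMechOID.value) && ltpaAllowed) || OID.compareOIDs(str, RSAPropMechOID.value) || OID.compareOIDs(str, config.getString(CSIv2Config.ACTIVE_AUTH_MECH_OID))) {
            return true;
        }
        // NOTE(review): the JSAS0626E error is emitted only while debug tracing is enabled, so
        // a rejected mechanism OID leaves no record in a default configuration. The reason for
        // the gating is not visible in this file, so it is left unchanged; confirm whether
        // rejections should always be recorded.
        if (tc.isDebugEnabled()) {
            Tr.error(tc, "security.JSAS0626E", new Object[]{str, this.configuredOID});
        }
        return false;
    }
}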
