package com.ibm.wsspi.security.token;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.WebSphereRuntimePermission;
import com.ibm.websphere.security.auth.InvalidTokenException;
import com.ibm.websphere.security.auth.TokenExpiredException;
import com.ibm.websphere.security.auth.ValidationFailedException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.token.TokenManager;
import com.ibm.ws.security.token.internal.ValidationResultImpl;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import java.util.Map;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/wsspi/security/token/WSSecurityPropagationHelper.class */
public class WSSecurityPropagationHelper {
    private static final TraceComponent tc = Tr.register(WSSecurityPropagationHelper.class, "Token", "com.ibm.ws.security.token.internal.resources.TokenMessages");
    private static final AtomicServiceReference<TokenManager> tokenManagerRef = new AtomicServiceReference<>("tokenManager");
    private static final WebSphereRuntimePermission VALIDATE_TOKEN = new WebSphereRuntimePermission("validateLTPAToken");
    static final long serialVersionUID = -6170239023559202366L;

    public static ValidationResult validateToken(byte[] bArr) throws ValidationFailedException {
        ValidationResultImpl validationResultImpl = null;
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...", new Object[0]);
                Tr.debug(tc, "Expecting : " + VALIDATE_TOKEN.toString(), new Object[0]);
            }
            securityManager.checkPermission(VALIDATE_TOKEN);
        }
        if (bArr == null) {
            throw new ValidationFailedException("Invalid token, token returned from validation is null.");
        }
        try {
            com.ibm.wsspi.security.ltpa.Token recreateTokenFromBytes = recreateTokenFromBytes(bArr);
            if (recreateTokenFromBytes != null) {
                String str = recreateTokenFromBytes.getAttributes("u")[0];
                String[] attributes = recreateTokenFromBytes.getAttributes(AttributeNameConstants.WSCREDENTIAL_REALM);
                String str2 = null;
                if (attributes != null) {
                    str2 = attributes[0];
                }
                validationResultImpl = new ValidationResultImpl(str, str2);
            }
            return validationResultImpl;
        } catch (WSSecurityException e) {
            FFDCFilter.processException(e, "com.ibm.wsspi.security.token.WSSecurityPropagationHelper", "81", (Object) null, new Object[]{bArr});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "validateLTPAToken caught exception: " + e.getMessage(), new Object[0]);
            }
            throw new ValidationFailedException(e.getLocalizedMessage());
        }
    }

    private static com.ibm.wsspi.security.ltpa.Token recreateTokenFromBytes(byte[] bArr) throws InvalidTokenException, TokenExpiredException {
        com.ibm.wsspi.security.ltpa.Token token = null;
        TokenManager tokenManager = (TokenManager) tokenManagerRef.getService();
        if (tokenManager != null) {
            token = tokenManager.recreateTokenFromBytes(copyCredToken(bArr), new String[0]);
        }
        return token;
    }

    private static byte[] copyCredToken(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        int length = bArr.length;
        if (length == 0) {
            return new byte[length];
        }
        byte[] bArr2 = new byte[length];
        System.arraycopy(bArr, 0, bArr2, 0, length);
        return bArr2;
    }

    protected void setTokenManager(ServiceReference<TokenManager> serviceReference) {
        tokenManagerRef.setReference(serviceReference);
    }

    protected void unsetTokenManager(ServiceReference<TokenManager> serviceReference) {
        tokenManagerRef.unsetReference(serviceReference);
    }

    protected void activate(ComponentContext componentContext, Map<String, Object> map) {
        tokenManagerRef.activate(componentContext);
    }

    protected void deactivate(ComponentContext componentContext) {
        tokenManagerRef.deactivate(componentContext);
    }
}
