package com.ibm.websphere.security.auth;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.kernel.security.thread.ThreadIdentityException;
import com.ibm.ws.kernel.security.thread.ThreadIdentityManager;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.intfc.SubjectManagerService;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Iterator;
import javax.security.auth.AuthPermission;
import javax.security.auth.Subject;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;

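/**
 * Static helpers for running work under a given JAAS {@link Subject} and for reading or
 * replacing the caller and invocation (run-as) subjects held by the bound
 * {@link SubjectManagerService}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@code doAs}, {@code doAsPrivileged}, {@code getCallerSubject},
 *       {@code getRunAsSubject} and {@code setRunAsSubject} entry points check an
 *       {@link AuthPermission}, but only when a {@link SecurityManager} is installed.
 *       {@link #getCallerPrincipal()} performs no permission check.</li>
 *   <li>When no {@code SubjectManagerService} is bound, the getters return {@code null} and the
 *       setters silently do nothing.</li>
 *   <li>The {@code doAs}/{@code doAsPrivileged} methods temporarily replace per-thread identity
 *       state. The previous state is restored in {@code finally} blocks so that a failure in one
 *       restore step cannot leave another subject installed for later work on the same thread.</li>
 *   <li>NOTE(review): the FFDC calls and {@link SubjectCookie#toString()} hand the
 *       {@code Subject} object itself to diagnostics; confirm the FFDC/trace formatters do not
 *       render credential material.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
public final class WSSubject {
    private static final TraceComponent tc = Tr.register(WSSubject.class, (String) null, (String) null);

    // Permissions checked (only under a SecurityManager) by the public entry points below.
    private static final AuthPermission DOAS_PERM = new AuthPermission("doAs");
    private static final AuthPermission DOASPRIVILEGED_PERM = new AuthPermission("doAsPrivileged");
    private static final AuthPermission GETCALLERSUBJECT_PERM = new AuthPermission("wssecurity.getCallerSubject");
    private static final AuthPermission GETRUNASSUBJECT_PERM = new AuthPermission("wssecurity.getRunAsSubject");
    private static final AuthPermission SETRUNASSUBJECT_PERM = new AuthPermission("wssecurity.setRunAsSubject");

    // Shared reference to the service that stores the caller and invocation subjects.
    private static final AtomicServiceReference<SubjectManagerService> smServiceRef = new AtomicServiceReference<>("subjectManagerService");

    /**
     * Privileged action that fetches the caller subject from the service and marks it read-only
     * before handing it out. Yields {@code null} when the service or the subject is absent.
     * NOTE(review): {@code setReadOnly()} is applied to the object the service returned —
     * presumably the instance the service itself holds; confirm that is intended.
     */
    private static final PrivilegedExceptionAction<Subject> getCallerSubjectAction = new PrivilegedExceptionAction<Subject>() {
        static final long serialVersionUID = 8639087948251670234L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.websphere.security.auth.WSSubject$1", AnonymousClass1.class, (String) null, (String) null);

        @Override
        public Subject run() throws WSSecurityException {
            SubjectManagerService subjectManagerService = (SubjectManagerService) WSSubject.smServiceRef.getService();
            if (subjectManagerService == null) {
                return null;
            }
            Subject subject = subjectManagerService.getCallerSubject();
            if (subject != null) {
                subject.setReadOnly();
            }
            return subject;
        }
    };

    /**
     * Privileged action that fetches the invocation (run-as) subject from the service and marks
     * it read-only before handing it out. Yields {@code null} when the service or the subject is
     * absent.
     */
    private static final PrivilegedExceptionAction<Subject> getRunAsSubjectAction = new PrivilegedExceptionAction<Subject>() {
        static final long serialVersionUID = 1854071459313758011L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.websphere.security.auth.WSSubject$2", AnonymousClass2.class, (String) null, (String) null);

        @Override
        public Subject run() throws WSSecurityException {
            SubjectManagerService subjectManagerService = (SubjectManagerService) WSSubject.smServiceRef.getService();
            if (subjectManagerService == null) {
                return null;
            }
            Subject subject = subjectManagerService.getInvocationSubject();
            if (subject != null) {
                subject.setReadOnly();
            }
            return subject;
        }
    };
    static final long serialVersionUID = 395804206152188920L;

    /**
     * Snapshot of the state replaced by {@code setInvocationSubject}, kept so that
     * {@code restoreInvocationSubject} can put it back.
     */
    @InjectedFFDC
    @TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
    @TraceOptions
    public static final class SubjectCookie {
        // Never assigned anywhere in this class; only reported by toString().
        boolean prevSyncedState = false;
        // Invocation subject that was installed before the swap (null if none or no service).
        Subject subject = null;
        // Token returned by ThreadIdentityManager.setAppThreadIdentity; null if it was never set.
        Object token = null;
        static final long serialVersionUID = -404743658882910945L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.websphere.security.auth.WSSubject$SubjectCookie", SubjectCookie.class, (String) null, (String) null);

        SubjectCookie() {
        }

        /**
         * Renders the cookie for diagnostics. The output embeds {@code Subject.toString()} and the
         * thread-identity token, so treat any log that contains it as identity-bearing.
         */
        @Override
        public String toString() {
            return super.toString() + ";prevSyncedState=" + this.prevSyncedState + ",token=" + this.token + ",subject=" + this.subject;
        }
    }

    /** Binds the {@code SubjectManagerService} reference used by all static methods. */
    protected void setSubjectManagerService(ServiceReference<SubjectManagerService> serviceReference) {
        smServiceRef.setReference(serviceReference);
    }

    /** Unbinds the {@code SubjectManagerService} reference. */
    protected void unsetSubjectManagerService(ServiceReference<SubjectManagerService> serviceReference) {
        smServiceRef.unsetReference(serviceReference);
    }

    /** Activates the service reference with the given component context. */
    protected void activate(ComponentContext componentContext) {
        smServiceRef.activate(componentContext);
    }

    /** Deactivates the service reference with the given component context. */
    protected void deactivate(ComponentContext componentContext) {
        smServiceRef.deactivate(componentContext);
    }

    /**
     * Runs {@code privilegedAction} as {@code subject} without changing the caller subject.
     * Equivalent to {@code doAs(subject, privilegedAction, false)}.
     */
    public static Object doAs(Subject subject, PrivilegedAction privilegedAction) {
        return doAs(subject, privilegedAction, false);
    }

    /**
     * Runs {@code privilegedAction} via {@link Subject#doAs(Subject, PrivilegedAction)} with
     * {@code subject} installed as the invocation subject for the duration of the call.
     *
     * @param subject subject to run as; when {@code null} and the service is bound, an empty
     *                {@code Subject} is installed on the thread while {@code null} is still
     *                passed to {@code Subject.doAs}
     * @param privilegedAction action to run; must not be {@code null}
     * @param z when {@code true}, {@code subject} is also installed as the caller subject
     * @return the value returned by the action
     * @throws IllegalArgumentException if {@code privilegedAction} is {@code null}
     * @throws SecurityException if the "doAs" permission is denied, or if the thread identity
     *                           cannot be set or reset
     */
    public static Object doAs(Subject subject, PrivilegedAction privilegedAction, boolean z) {
        checkPermission(DOAS_PERM);
        if (privilegedAction == null) {
            throw new IllegalArgumentException("null PrivilegedAction provided");
        }
        SubjectCookie invocationSubject = setInvocationSubject(subject);
        Subject previousCaller = null;
        boolean callerSwapped = false;
        try {
            // The caller swap happens inside the try so that a failure here still restores the
            // invocation subject and thread identity installed just above.
            if (z) {
                previousCaller = setCallerSubject(subject);
                callerSwapped = true;
            }
            return Subject.doAs(subject, (PrivilegedAction<Object>) privilegedAction);
        } finally {
            restoreSubjects(invocationSubject, callerSwapped, previousCaller);
        }
    }

    /**
     * Runs {@code privilegedExceptionAction} as {@code subject} without changing the caller
     * subject. Equivalent to {@code doAs(subject, privilegedExceptionAction, false)}.
     */
    public static Object doAs(Subject subject, PrivilegedExceptionAction privilegedExceptionAction) throws PrivilegedActionException {
        return doAs(subject, privilegedExceptionAction, false);
    }

    /**
     * Runs {@code privilegedExceptionAction} via
     * {@link Subject#doAs(Subject, PrivilegedExceptionAction)} with {@code subject} installed as
     * the invocation subject for the duration of the call.
     *
     * @param subject subject to run as; see {@link #doAs(Subject, PrivilegedAction, boolean)} for
     *                the {@code null} case
     * @param privilegedExceptionAction action to run; must not be {@code null}
     * @param z when {@code true}, {@code subject} is also installed as the caller subject
     * @return the value returned by the action
     * @throws PrivilegedActionException as thrown by {@code Subject.doAs}; rethrown unchanged
     * @throws RuntimeException wrapping any other {@code Throwable} raised by
     *                          {@code Subject.doAs} (this includes unchecked exceptions and errors)
     * @throws IllegalArgumentException if {@code privilegedExceptionAction} is {@code null}
     * @throws SecurityException if the "doAs" permission is denied, or if the thread identity
     *                           cannot be set or reset
     */
    public static Object doAs(Subject subject, PrivilegedExceptionAction privilegedExceptionAction, boolean z) throws PrivilegedActionException {
        checkPermission(DOAS_PERM);
        if (privilegedExceptionAction == null) {
            throw new IllegalArgumentException("null PrivilegedExceptionAction provided");
        }
        SubjectCookie invocationSubject = setInvocationSubject(subject);
        Subject previousCaller = null;
        boolean callerSwapped = false;
        try {
            if (z) {
                previousCaller = setCallerSubject(subject);
                callerSwapped = true;
            }
            // Only failures of the action itself are recorded and wrapped; failures while
            // swapping or restoring subjects propagate as they are.
            try {
                return Subject.doAs(subject, (PrivilegedExceptionAction<Object>) privilegedExceptionAction);
            } catch (PrivilegedActionException e) {
                FFDCFilter.processException(e, "com.ibm.websphere.security.auth.WSSubject", "173", (Object) null, new Object[]{subject, privilegedExceptionAction, Boolean.valueOf(z)});
                throw e;
            } catch (Throwable th) {
                FFDCFilter.processException(th, "com.ibm.websphere.security.auth.WSSubject", "175", (Object) null, new Object[]{subject, privilegedExceptionAction, Boolean.valueOf(z)});
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "WSSubject.doAs(Subject, PrivilegedExceptionAction) Exception caught: " + th, new Object[0]);
                }
                throw new RuntimeException(th);
            }
        } finally {
            restoreSubjects(invocationSubject, callerSwapped, previousCaller);
        }
    }

    /**
     * Runs {@code privilegedAction} as {@code subject} under {@code accessControlContext} without
     * changing the caller subject. Equivalent to passing {@code false} as the last argument of
     * the four-argument overload.
     */
    public static Object doAsPrivileged(Subject subject, PrivilegedAction privilegedAction, AccessControlContext accessControlContext) {
        return doAsPrivileged(subject, privilegedAction, accessControlContext, false);
    }

    /**
     * Runs {@code privilegedAction} via
     * {@link Subject#doAsPrivileged(Subject, PrivilegedAction, AccessControlContext)} with
     * {@code subject} installed as the invocation subject for the duration of the call.
     *
     * @param subject subject to run as; see {@link #doAs(Subject, PrivilegedAction, boolean)} for
     *                the {@code null} case
     * @param privilegedAction action to run; must not be {@code null}
     * @param accessControlContext context handed to {@code Subject.doAsPrivileged} unchanged
     * @param z when {@code true}, {@code subject} is also installed as the caller subject
     * @return the value returned by the action
     * @throws IllegalArgumentException if {@code privilegedAction} is {@code null}
     * @throws SecurityException if the "doAsPrivileged" permission is denied, or if the thread
     *                           identity cannot be set or reset
     */
    public static Object doAsPrivileged(Subject subject, PrivilegedAction privilegedAction, AccessControlContext accessControlContext, boolean z) {
        checkPermission(DOASPRIVILEGED_PERM);
        if (privilegedAction == null) {
            throw new IllegalArgumentException("null PrivilegedAction provided");
        }
        SubjectCookie invocationSubject = setInvocationSubject(subject);
        Subject previousCaller = null;
        boolean callerSwapped = false;
        try {
            if (z) {
                previousCaller = setCallerSubject(subject);
                callerSwapped = true;
            }
            return Subject.doAsPrivileged(subject, (PrivilegedAction<Object>) privilegedAction, accessControlContext);
        } finally {
            restoreSubjects(invocationSubject, callerSwapped, previousCaller);
        }
    }

    /**
     * Runs {@code privilegedExceptionAction} as {@code subject} under
     * {@code accessControlContext} without changing the caller subject. Equivalent to passing
     * {@code false} as the last argument of the four-argument overload.
     */
    public static Object doAsPrivileged(Subject subject, PrivilegedExceptionAction privilegedExceptionAction, AccessControlContext accessControlContext) throws PrivilegedActionException {
        return doAsPrivileged(subject, privilegedExceptionAction, accessControlContext, false);
    }

    /**
     * Runs {@code privilegedExceptionAction} via
     * {@link Subject#doAsPrivileged(Subject, PrivilegedExceptionAction, AccessControlContext)}
     * with {@code subject} installed as the invocation subject for the duration of the call.
     *
     * @param subject subject to run as; see {@link #doAs(Subject, PrivilegedAction, boolean)} for
     *                the {@code null} case
     * @param privilegedExceptionAction action to run; must not be {@code null}
     * @param accessControlContext context handed to {@code Subject.doAsPrivileged} unchanged
     * @param z when {@code true}, {@code subject} is also installed as the caller subject
     * @return the value returned by the action
     * @throws PrivilegedActionException as thrown by {@code Subject.doAsPrivileged}; rethrown
     *                                   unchanged
     * @throws RuntimeException wrapping any other {@code Throwable} raised by
     *                          {@code Subject.doAsPrivileged}
     * @throws IllegalArgumentException if {@code privilegedExceptionAction} is {@code null}
     * @throws SecurityException if the "doAsPrivileged" permission is denied, or if the thread
     *                           identity cannot be set or reset
     */
    public static Object doAsPrivileged(Subject subject, PrivilegedExceptionAction privilegedExceptionAction, AccessControlContext accessControlContext, boolean z) throws PrivilegedActionException {
        checkPermission(DOASPRIVILEGED_PERM);
        if (privilegedExceptionAction == null) {
            throw new IllegalArgumentException("null PrivilegedExceptionAction provided");
        }
        SubjectCookie invocationSubject = setInvocationSubject(subject);
        Subject previousCaller = null;
        boolean callerSwapped = false;
        try {
            if (z) {
                previousCaller = setCallerSubject(subject);
                callerSwapped = true;
            }
            try {
                return Subject.doAsPrivileged(subject, (PrivilegedExceptionAction<Object>) privilegedExceptionAction, accessControlContext);
            } catch (PrivilegedActionException e) {
                FFDCFilter.processException(e, "com.ibm.websphere.security.auth.WSSubject", "284", (Object) null, new Object[]{subject, privilegedExceptionAction, accessControlContext, Boolean.valueOf(z)});
                throw e;
            } catch (Throwable th) {
                FFDCFilter.processException(th, "com.ibm.websphere.security.auth.WSSubject", "286", (Object) null, new Object[]{subject, privilegedExceptionAction, accessControlContext, Boolean.valueOf(z)});
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "WSSubject.doAsPrivileged(Subject, PrivilegedExceptionAction, AccessControlContext) Exception caught: " + th, new Object[0]);
                }
                throw new RuntimeException(th);
            }
        } finally {
            restoreSubjects(invocationSubject, callerSwapped, previousCaller);
        }
    }

    /**
     * Returns the caller subject held by the service, marked read-only.
     *
     * @return the caller subject, or {@code null} when no service is bound or no caller subject
     *         is set
     * @throws WSSecurityException if the lookup fails with that exception
     * @throws SecurityException if the "wssecurity.getCallerSubject" permission is denied
     */
    public static Subject getCallerSubject() throws WSSecurityException {
        checkPermission(GETCALLERSUBJECT_PERM);
        try {
            return AccessController.doPrivileged(getCallerSubjectAction);
        } catch (PrivilegedActionException e) {
            FFDCFilter.processException(e, "com.ibm.websphere.security.auth.WSSubject", "341", (Object) null, new Object[0]);
            // The action declares only WSSecurityException, so that is the only wrapped type.
            throw ((WSSecurityException) e.getException());
        }
    }

    /**
     * Returns the invocation (run-as) subject held by the service, marked read-only.
     *
     * @return the invocation subject, or {@code null} when no service is bound or no invocation
     *         subject is set
     * @throws WSSecurityException if the lookup fails with that exception
     * @throws SecurityException if the "wssecurity.getRunAsSubject" permission is denied
     */
    public static Subject getRunAsSubject() throws WSSecurityException {
        checkPermission(GETRUNASSUBJECT_PERM);
        try {
            return AccessController.doPrivileged(getRunAsSubjectAction);
        } catch (PrivilegedActionException e) {
            FFDCFilter.processException(e, "com.ibm.websphere.security.auth.WSSubject", "402", (Object) null, new Object[0]);
            throw ((WSSecurityException) e.getException());
        }
    }

    /**
     * Installs {@code subject} as the invocation (run-as) subject. Unlike the {@code doAs}
     * family, nothing restores the previous subject afterwards, and the call is a silent no-op
     * when no service is bound.
     *
     * @param subject subject to install; passed to the service as given
     * @throws WSSecurityException if the service call fails with that exception
     * @throws SecurityException if the "wssecurity.setRunAsSubject" permission is denied
     */
    public static void setRunAsSubject(final Subject subject) throws WSSecurityException {
        checkPermission(SETRUNASSUBJECT_PERM);
        try {
            AccessController.doPrivileged(new PrivilegedExceptionAction() {
                static final long serialVersionUID = 3548918179825975585L;
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.websphere.security.auth.WSSubject$3", AnonymousClass3.class, (String) null, (String) null);

                @Override
                public Object run() throws WSSecurityException {
                    SubjectManagerService subjectManagerService = (SubjectManagerService) WSSubject.smServiceRef.getService();
                    if (subjectManagerService != null) {
                        subjectManagerService.setInvocationSubject(subject);
                    }
                    return null;
                }
            });
        } catch (PrivilegedActionException e) {
            FFDCFilter.processException(e, "com.ibm.websphere.security.auth.WSSubject", "461", (Object) null, new Object[]{subject});
            throw ((WSSecurityException) e.getException());
        }
    }

    /**
     * Returns the security name from the caller subject's {@link WSCredential}.
     *
     * <p>No permission is checked here, in contrast to {@link #getCallerSubject()}.
     *
     * @return the security name, or {@code null} when no service is bound, there is no caller
     *         subject, it carries no {@code WSCredential}, the credential is unauthenticated, or
     *         reading the name fails (the failure is recorded through FFDC and debug trace)
     */
    public static String getCallerPrincipal() {
        SubjectManagerService subjectManagerService = (SubjectManagerService) smServiceRef.getService();
        if (subjectManagerService == null) {
            return null;
        }
        Subject callerSubject = subjectManagerService.getCallerSubject();
        if (callerSubject == null) {
            return null;
        }
        WSCredential wSCredential = getWSCredential(callerSubject);
        if (wSCredential == null || wSCredential.isUnauthenticated()) {
            return null;
        }
        try {
            return wSCredential.getSecurityName();
        } catch (Exception e) {
            // Deliberate best effort: a credential that cannot be read yields "no principal".
            FFDCFilter.processException(e, "com.ibm.websphere.security.auth.WSSubject", "500", (Object) null, new Object[0]);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Internal error: " + e, new Object[0]);
            }
            return null;
        }
    }

    /** Always returns {@code null} in this implementation; {@code subject} is not inspected. */
    public static String getSAFUserFromSubject(Subject subject) {
        return null;
    }

    /** Always returns {@code null} in this implementation. */
    public static Throwable getRootLoginException() {
        return null;
    }

    /** Checks {@code permission} against the installed SecurityManager, if there is one. */
    private static void checkPermission(AuthPermission permission) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(permission);
        }
    }

    /**
     * Installs {@code subject} (or an empty {@code Subject} when it is {@code null}) as the
     * invocation subject and as the application thread identity.
     *
     * @return a cookie holding the previous invocation subject and the thread-identity token;
     *         both stay {@code null} when no service is bound
     * @throws SecurityException if the thread identity cannot be set; the previous invocation
     *                           subject is put back before the exception leaves this method
     */
    private static SubjectCookie setInvocationSubject(Subject subject) {
        SubjectCookie subjectCookie = new SubjectCookie();
        SubjectManagerService subjectManagerService = (SubjectManagerService) smServiceRef.getService();
        if (subjectManagerService == null) {
            return subjectCookie;
        }
        if (subject == null) {
            subject = new Subject();
        }
        Subject previous = subjectManagerService.getInvocationSubject();
        subjectManagerService.setInvocationSubject(subject);
        subjectCookie.subject = previous;
        boolean identitySet = false;
        try {
            subjectCookie.token = ThreadIdentityManager.setAppThreadIdentity(subject);
            identitySet = true;
        } catch (ThreadIdentityException e) {
            FFDCFilter.processException(e, "com.ibm.websphere.security.auth.WSSubject", "569", (Object) null, new Object[]{subject});
            throw new SecurityException((Throwable) e);
        } finally {
            // The caller never receives the cookie on failure, so undo the swap here; otherwise
            // the new subject would stay installed on the thread.
            if (!identitySet) {
                subjectManagerService.setInvocationSubject(previous);
            }
        }
        return subjectCookie;
    }

    /**
     * Installs {@code subject} (or an empty {@code Subject} when it is {@code null}) as the
     * caller subject.
     *
     * @return the caller subject that was installed before, or {@code null} when there was none
     *         or no service is bound
     */
    private static Subject setCallerSubject(Subject subject) {
        SubjectManagerService subjectManagerService = (SubjectManagerService) smServiceRef.getService();
        if (subjectManagerService == null) {
            return null;
        }
        if (subject == null) {
            subject = new Subject();
        }
        Subject previous = subjectManagerService.getCallerSubject();
        subjectManagerService.setCallerSubject(subject);
        return previous;
    }

    /**
     * Undoes the swaps made by a {@code doAs}/{@code doAsPrivileged} call: first the invocation
     * subject and thread identity, then (when requested) the caller subject. The caller subject
     * is restored even if the first step throws.
     */
    private static void restoreSubjects(SubjectCookie subjectCookie, boolean restoreCaller, Subject previousCaller) {
        try {
            restoreInvocationSubject(subjectCookie);
        } finally {
            if (restoreCaller) {
                restoreCallerSubject(previousCaller);
            }
        }
    }

    /**
     * Resets the thread identity recorded in {@code subjectCookie} and re-installs the previous
     * invocation subject. The subject is re-installed exactly once, whether or not the reset
     * succeeds.
     *
     * @throws SecurityException if the thread identity cannot be reset
     */
    private static void restoreInvocationSubject(SubjectCookie subjectCookie) {
        try {
            if (subjectCookie.token != null) {
                ThreadIdentityManager.resetChecked(subjectCookie.token);
            }
        } catch (ThreadIdentityException e) {
            FFDCFilter.processException(e, "com.ibm.websphere.security.auth.WSSubject", "602", (Object) null, new Object[]{subjectCookie});
            throw new SecurityException((Throwable) e);
        } finally {
            SubjectManagerService subjectManagerService = (SubjectManagerService) smServiceRef.getService();
            if (subjectManagerService != null) {
                subjectManagerService.setInvocationSubject(subjectCookie.subject);
            }
        }
    }

    /** Re-installs {@code subject} as the caller subject; no-op when no service is bound. */
    private static void restoreCallerSubject(Subject subject) {
        SubjectManagerService subjectManagerService = (SubjectManagerService) smServiceRef.getService();
        if (subjectManagerService != null) {
            subjectManagerService.setCallerSubject(subject);
        }
    }

    /**
     * Returns the first {@link WSCredential} among the public credentials of {@code subject},
     * or {@code null} when there is none.
     */
    private static WSCredential getWSCredential(Subject subject) {
        Iterator<WSCredential> it = subject.getPublicCredentials(WSCredential.class).iterator();
        return it.hasNext() ? it.next() : null;
    }
}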
