package lotus.domino;

import com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl;
import com.ibm.ISecurityUtilityImpl.StringBytesConversion;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl;
import com.ibm.websphere.security.cred.WSCredential;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import org.omg.CORBA.StringHolder;
import org.omg.Security.OpaqueHolder;

/* loaded from: input_file:lotus/domino/WAS5Helper.class */
class WAS5Helper extends Trace {
    protected WAS5Helper() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getSessionToken(Object obj) {
        Object obj2;
        byte[] bArr = null;
        Subject subject = null;
        TRACE_MSG(WAS5Helper.class, "getSessionToken(%s)", obj);
        if (obj == null) {
            try {
                subject = WSSubject.getRunAsSubject();
                TRACE_MSG(WAS5Helper.class, "getRunAsSubject(): ", subject);
            } catch (Exception e) {
                TRACE_MSG(WAS5Helper.class, "getRunAsSubject() Exception: ", e);
                return null;
            }
        } else if (obj instanceof Subject) {
            TRACE_MSG(WAS5Helper.class, "is Subject");
            subject = (Subject) obj;
        } else {
            if (!(obj instanceof CredentialsImpl)) {
                TRACE_MSG(WAS5Helper.class, "Ignoring parameter: ", obj);
                return null;
            }
            com.ibm.ISecurityLocalObjectLTPAImpl.CredentialsImpl credentialsImpl = (CredentialsImpl) obj;
            TRACE_MSG(WAS5Helper.class, "is com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl");
            TRACE_MSG(WAS5Helper.class, "is Unauthenticated: ", new Boolean(credentialsImpl.isUnauthenticated()));
            StringHolder stringHolder = new StringHolder();
            OpaqueHolder opaqueHolder = new OpaqueHolder();
            if (credentialsImpl instanceof com.ibm.ISecurityLocalObjectLTPAImpl.CredentialsImpl) {
                TRACE_MSG(WAS5Helper.class, "is com.ibm.ISecurityLocalObjectLTPAImpl.CredentialsImpl");
                try {
                    credentialsImpl.get_credential_token(stringHolder, opaqueHolder);
                } catch (Exception e2) {
                    TRACE_MSG(WAS5Helper.class, "get_credential_token() Exception: ", e2);
                    return null;
                }
            } else if (credentialsImpl instanceof com.ibm.ISecurityLocalObjectTokenBaseImpl.CredentialsImpl) {
                TRACE_MSG(WAS5Helper.class, "is com.ibm.ISecurityLocalObjectTokenBaseImpl.CredentialsImpl");
                try {
                    ((com.ibm.ISecurityLocalObjectTokenBaseImpl.CredentialsImpl) credentialsImpl).get_credential_token(stringHolder, opaqueHolder);
                } catch (Exception e3) {
                    TRACE_MSG(WAS5Helper.class, "get_credential_token() Exception: ", e3);
                    return null;
                }
            }
            bArr = opaqueHolder.value;
        }
        if (subject != null) {
            TRACE_MSG(WAS5Helper.class, "Subject: ", subject);
            Iterator<Object> it = subject.getPublicCredentials().iterator();
            Object next = it.next();
            while (true) {
                try {
                    obj2 = next;
                    TRACE_MSG(WAS5Helper.class, "PublicCredential: ", obj2);
                } catch (Exception e4) {
                    TRACE_MSG(WAS5Helper.class, "Exception: ", e4);
                }
                if (obj2 == null) {
                    break;
                }
                if (obj2 instanceof WSCredential) {
                    WSCredential wSCredential = (WSCredential) obj2;
                    TRACE_MSG(WAS5Helper.class, "WSCredential: ", wSCredential);
                    if (wSCredential.isBasicAuth()) {
                        TRACE_MSG(WAS5Helper.class, "WSCredential isBasicAuth");
                        Subject jaas_login = jaas_login(wSCredential);
                        if (jaas_login != null) {
                            TRACE_MSG(WAS5Helper.class, "Next Subject: ", jaas_login);
                            it = jaas_login.getPublicCredentials().iterator();
                        }
                    } else {
                        if (wSCredential.getOID().equals("oid:1.3.18.0.2.30.2")) {
                            TRACE_MSG(WAS5Helper.class, "WSCredential com.ibm.CSIv2Security.LTPAMechOID");
                            bArr = wSCredential.getCredentialToken();
                            break;
                        }
                        TRACE_MSG(WAS5Helper.class, "Ignoring WSCredential: ", wSCredential);
                    }
                }
                next = it.next();
            }
        }
        if (bArr == null) {
            return null;
        }
        String base64encode = Helper.base64encode(bArr);
        TRACE_MSG(WAS5Helper.class, "Token is: ", base64encode);
        return base64encode;
    }

    private static Subject jaas_login(WSCredential wSCredential) {
        Subject subject = null;
        try {
            String realmName = wSCredential.getRealmName();
            String securityName = wSCredential.getSecurityName();
            String convertedString = StringBytesConversion.getConvertedString(wSCredential.getCredentialToken());
            TRACE_MSG(WAS5Helper.class, "creating LoginContext for realm %s, user %s", realmName, securityName);
            LoginContext loginContext = new LoginContext("system.LTPA", new WSCallbackHandlerImpl(securityName, realmName, convertedString));
            loginContext.login();
            subject = loginContext.getSubject();
        } catch (Exception e) {
            TRACE_MSG(WAS5Helper.class, "jaas_login: ", e);
        }
        TRACE_MSG(WAS5Helper.class, "Subject is: ", subject);
        return subject;
    }
}
