package nl.nn.adapterframework.util;

import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.CredentialDestroyedException;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.ws.security.auth.WSCredentialImpl;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.login.CredentialExpiredException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.httpclient.Cookie;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.HttpState;
import org.apache.commons.httpclient.URI;
import org.apache.commons.lang.StringUtils;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:adapterframework.war:WEB-INF/lib/ibis-adapterframework-ibm-7.6.5.jar:nl/nn/adapterframework/util/SsoUtil.class */
public class SsoUtil {
    private static Logger log = LogUtil.getLogger((Class<?>) SsoUtil.class);

    public static String getSsoTokenName() {
        return "LtpaToken";
    }

    public static String getSsoToken() throws WSSecurityException, CredentialDestroyedException, CredentialExpiredException {
        byte[] credentialToken;
        String str = null;
        Subject callerSubject = WSSubject.getCallerSubject();
        if (callerSubject == null) {
            throw new WSSecurityException("could not find Subject");
        }
        Set<Object> publicCredentials = callerSubject.getPublicCredentials();
        if (publicCredentials == null) {
            throw new WSSecurityException("could not find PublicCredentials");
        }
        Iterator<Object> it = publicCredentials.iterator();
        while (str == null && it.hasNext()) {
            Object next = it.next();
            if ((next instanceof WSCredentialImpl) && (credentialToken = ((WSCredentialImpl) next).getCredentialToken()) != null && credentialToken.length > 0) {
                str = Base64.encodeBase64String(credentialToken);
            }
        }
        return str;
    }

    public static void addSsoCredential(HttpMethod httpMethod, HttpState httpState, String str) {
        String str2;
        try {
            String ssoTokenName = getSsoTokenName();
            String ssoToken = getSsoToken();
            if (!StringUtils.isEmpty(ssoToken)) {
                if (log.isDebugEnabled()) {
                    log.debug("constructing SsoCredentialCookie [" + ssoTokenName + "]");
                }
                Cookie cookie = new Cookie();
                cookie.setName(ssoTokenName);
                cookie.setValue(ssoToken);
                try {
                    URI uri = httpMethod.getURI();
                    str2 = uri.getHost();
                    if (StringUtils.isEmpty(str2)) {
                        if (log.isDebugEnabled()) {
                            log.debug("did not find host from URI [" + uri.getURI() + "], will use default [" + str + "] for SSO credential cookie");
                        }
                        str2 = str;
                    }
                } catch (Throwable th) {
                    log.warn("could not extract host from URI", th);
                    str2 = str;
                }
                cookie.setDomain(str2);
                cookie.setPath("/");
                if (log.isDebugEnabled()) {
                    log.debug("set SSOcookie attributes: domain [" + cookie.getDomain() + "] path [" + cookie.getPath() + "]");
                }
                httpState.addCookie(cookie);
            } else if (log.isDebugEnabled()) {
                log.debug("no value for SsoCredential [" + ssoTokenName + "]");
            }
        } catch (Exception e) {
            log.warn("could not obtain SsoToken: " + e.getMessage());
        }
    }
}
