package com.ibm.ws.security.csiv2.server.config.css;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authentication.utility.SubjectHelper;
import com.ibm.ws.security.context.SubjectManager;
import com.ibm.ws.security.csiv2.server.TraceConstants;
import com.ibm.ws.transport.iiop.security.config.css.CSSSASIdentityToken;
import com.ibm.ws.transport.iiop.security.util.Util;
import javax.security.auth.Subject;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.CSI.IdentityToken;
import org.omg.IOP.Codec;

@InjectedFFDC
@TraceOptions(traceGroup = TraceConstants.TRACE_GROUP, messageBundle = TraceConstants.MESSAGE_BUNDLE)
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/csiv2/server/config/css/ClientSASITTDistinguishedName.class */
public class ClientSASITTDistinguishedName implements CSSSASIdentityToken {
    private static TraceComponent tc = Tr.register(ClientSASITTDistinguishedName.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);
    static final long serialVersionUID = 9181673613326636571L;

    @FFDCIgnore({Exception.class})
    public IdentityToken encodeIdentityToken(Codec codec) {
        String str = null;
        try {
            str = getDistinguishedName();
            return createIdentityToken(codec, str);
        } catch (Exception e) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "The client cannot create the ITTDistinguishedName identity assertion token for distinguished name " + str + ". The exception message is: " + e.getMessage(), new Object[0]);
            }
            throw new NO_PERMISSION(Tr.formatMessage(tc, "CSIv2_CLIENT_ASSERTION_CANNOT_ENCODE_DN", new Object[]{str, e.getMessage()}), 1229066386, CompletionStatus.COMPLETED_NO);
        }
    }

    private String getDistinguishedName() throws Exception {
        return new SubjectHelper().getWSCredential(getClientSubject()).getUniqueSecurityName();
    }

    private Subject getClientSubject() {
        SubjectManager subjectManager = new SubjectManager();
        Subject invocationSubject = subjectManager.getInvocationSubject();
        if (invocationSubject == null) {
            invocationSubject = subjectManager.getCallerSubject();
        }
        return invocationSubject;
    }

    private IdentityToken createIdentityToken(Codec codec, String str) throws Exception {
        byte[] encodeDN = Util.encodeDN(codec, str);
        IdentityToken identityToken = new IdentityToken();
        identityToken.dn(encodeDN);
        return identityToken;
    }

    public String toString() {
        StringBuilder sb = new StringBuilder();
        toString("", sb);
        return sb.toString();
    }

    @Trivial
    public void toString(String str, StringBuilder sb) {
        sb.append(str).append("ClientSASITTDistinguishedName: [\n");
        sb.append(str).append("]\n");
    }

    public int getType() {
        return 8;
    }
}
