package com.ibm.ws.security.server;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.cache.DistributedMap;
import com.ibm.websphere.security.CustomRegistryException;
import com.ibm.websphere.security.UserRegistry;
import com.ibm.websphere.security.auth.CredentialDestroyedException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.BasicAuthData;
import com.ibm.ws.security.auth.DistributedMapFactory;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.core.SecurityConfig;
import com.ibm.ws.security.registry.UserRegistryImpl;
import com.ibm.ws.security.role.RoleBasedAuthorizer;
import com.ibm.ws.security.role.RoleBasedConfigurator;
import com.ibm.ws.security.util.ByteArray;
import com.ibm.wsspi.security.token.TokenHolder;
import com.ibm.xslt4j.bcel.Constants;
import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.rmi.PortableRemoteObject;
import javax.security.auth.Subject;
import javax.security.auth.login.CredentialExpiredException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

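/* loaded from: input_file:lib/securityimpl.jar:com/ibm/ws/security/server/SecurityServerImpl.class */
/**
 * RMI-exposed security server of a WebSphere process (decompiled from
 * securityimpl.jar, see the "loaded from" note above).
 *
 * <p>It authenticates user id / password pairs and credential tokens through
 * {@code ContextManager.login}, hands out the configured {@link UserRegistry},
 * and resolves opaque tokens from the {@code "WSSecureMap"} distributed map.
 *
 * <p>Which registry is used is decided once, in the constructor, from the
 * {@code CommonConstants.USE_REMOTE_REGISTRY} setting: {@code "node"} or
 * {@code "cell"} (case-insensitive) selects the registry bound in the node
 * agent's / deployment manager's name space; any other value creates a local
 * {@link UserRegistryImpl} from the configured registry properties. Either way
 * the chosen registry is re-bound under {@code Constants.USER_REGISTRY}.
 *
 * <p>The registry references are {@code static} and are written only while an
 * instance is being constructed; no synchronization is performed on them.
 */
public class SecurityServerImpl extends PortableRemoteObject implements SecurityServer {
    private static final TraceComponent tc =
            Tr.register(SecurityServerImpl.class, "Security", "com.ibm.ejs.resources.security");

    /** Registry returned to callers; assigned once, by the constructor, from {@link #getUserRegistry()}. */
    private static UserRegistry registry = null;
    /** Authorizer obtained in {@link #setConfigurator}; not read anywhere else in this class. */
    private static RoleBasedAuthorizer authorizer = null;
    /** Locally created registry; stays {@code null} when a remote ("node"/"cell") registry is in use. */
    private static UserRegistryImpl userRegistryImpl = null;
    /** Raw value of {@code CommonConstants.USE_REMOTE_REGISTRY}, read in {@link #getUserRegistry()}. */
    private static String remoteReg = null;
    /**
     * Sentinel tokens returned by the {@code token_authenticate} methods when no real
     * credential token is available: {@code {0}} = login succeeded, {@code {-1}} = login
     * returned no subject. Callers always receive a copy, never these arrays.
     */
    private static final byte[] authen_successful = {0};
    private static final byte[] authen_failure = {-1};
    // NOTE(review): the three fields below are never read in this class; kept so the
    // decompiled layout stays recognisable.
    private static final String nullString = "";
    private static final String[] nullStringArray = new String[0];
    private boolean securityEnabled = false;

    /** Login front end; every authentication in this class goes through it. */
    private ContextManager contextManager;
    /**
     * Value of {@code com.ibm.CSI.rmiInboundLoginConfig}; passed as the login-configuration
     * argument of every {@code ContextManager.login} call made here.
     */
    String rmiLoginConfig;

    /**
     * Creates the server: obtains the {@link ContextManager}, selects and binds the
     * user registry and reads the inbound RMI login configuration name.
     *
     * @throws RemoteException wrapping any failure of the steps above (after FFDC and
     *         a {@code security.secsrv.find.reg} error message); the cause is preserved
     */
    public SecurityServerImpl() throws RemoteException {
        if (tc.isEntryEnabled()) {
            // "<init>" is the JVM name of a constructor; the decompiler had resolved the
            // literal to an unrelated BCEL constant with the same value.
            Tr.entry(tc, "<init>");
        }
        try {
            this.contextManager = ContextManagerFactory.getInstance();
            registry = getUserRegistry();
            this.rmiLoginConfig = (String) SecurityConfig.getConfig().getValue("com.ibm.CSI.rmiInboundLoginConfig");
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "<init>", this);
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.server.SecurityServerImpl.SecurityServerImpl", "93", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception creating User Registry");
            }
            Tr.error(tc, "security.secsrv.find.reg", new Object[]{e});
            throw new RemoteException(e.getMessage(), e);
        }
    }

    /** {@code true} when {@link #remoteReg} selects the node or cell registry rather than a local one. */
    private static boolean isRemoteRegistry() {
        return remoteReg != null
                && (remoteReg.equalsIgnoreCase("node") || remoteReg.equalsIgnoreCase("cell"));
    }

    /**
     * Reads {@code com.ibm.websphere.security.registry.propagateExceptionsToClient}.
     *
     * @return {@code true} only when the property is {@code "true"} or {@code "yes"}
     *         (case-insensitive); unset or any other value means registry error details
     *         are withheld from remote callers
     */
    private static boolean propagateRegistryErrorsToClient() {
        String value = (String) SecurityConfig.getConfig()
                .getValue("com.ibm.websphere.security.registry.propagateExceptionsToClient");
        return value != null && (value.equalsIgnoreCase("true") || value.equalsIgnoreCase("yes"));
    }

    /**
     * Runs the user id / password login used by {@link #simple_authenticate} and
     * {@link #token_authenticate(BasicAuthData)} against the default realm.
     *
     * @return the subject produced by {@code ContextManager.login}, or {@code null}
     *         when it produced none
     */
    private Subject loginWithPassword(BasicAuthData basicAuthData)
            throws WSLoginFailedException, RemoteException {
        return this.contextManager.login(this.contextManager.getDefaultRealm(), basicAuthData.getUserid(),
                basicAuthData.getPassword(), this.rmiLoginConfig, null, null, null, null);
    }

    /**
     * Runs the login and reports whether it produced a subject; shared by both
     * branches of {@link #simple_authenticate}. Declared to throw {@link Exception}
     * so the callers' broad handlers see every failure of the login itself.
     */
    private boolean passwordLoginSucceeded(BasicAuthData basicAuthData) throws Exception {
        if (loginWithPassword(basicAuthData) != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found subject from login, returning true for simple_authenticate.");
            }
            return true;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Subject is null after login, returning false for simple_authenticate.");
        }
        return false;
    }

    /**
     * Authenticates a user id / password pair.
     *
     * @param basicAuthData user id and password to check
     * @return {@code true} when the login produced a {@link Subject}, {@code false} when
     *         it produced none; unconditionally {@code true} in "bootstrap mode", i.e.
     *         when the selected registry reference is still {@code null}
     * @throws WSLoginFailedException when the login throws. With a local registry the
     *         registry's own message is replaced by a generic one unless
     *         {@code com.ibm.websphere.security.registry.propagateExceptionsToClient}
     *         is enabled, so native registry error details are not sent to remote
     *         callers by default; the remote-registry branch always forwards the message
     * @throws RemoteException declared by the remote interface
     */
    @Override // com.ibm.ws.security.server.SecurityServer
    public boolean simple_authenticate(BasicAuthData basicAuthData) throws WSLoginFailedException, RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "simple_authenticate for user: " + basicAuthData.getUserid());
        }
        if (isRemoteRegistry()) {
            if (registry != null) {
                try {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Using remote registry to authenticate.");
                    }
                    return passwordLoginSucceeded(basicAuthData);
                } catch (Exception e) {
                    FFDCFilter.processException(e, "com.ibm.ws.security.server.SecurityServerImpl.simple_authenticate", "137", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "The following exception occurred in SecurityServerImpl: ", new Object[]{e});
                    }
                    throw new WSLoginFailedException(e.getMessage(), e);
                }
            }
        } else if (userRegistryImpl != null) {
            try {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Using local registry to authenticate.");
                }
                return passwordLoginSucceeded(basicAuthData);
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.server.SecurityServerImpl.simple_authenticate", "170", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The following exception occurred in SecurityServerImpl: ", new Object[]{e});
                }
                if (!propagateRegistryErrorsToClient()) {
                    throw new WSLoginFailedException("Authentication Failed.  \nNote: Propagation of native registry error information is disabled by default. You may enable it by setting the property \"com.ibm.websphere.security.registry.propagateExceptionsToClient=true\" from the server's AdminConsole menu: Security -> Global Security -> Custom Properties.\n");
                }
                throw new WSLoginFailedException(e.getMessage(), e);
            }
        }
        // NOTE(review): fail-open. No credential is checked on this path; it is reached
        // only while the selected registry reference is null, which, as far as this class
        // shows, the constructor either fills in or fails on.
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "simple_authenticate in bootstrap mode:forcing true");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "simple_authenticate:success");
        }
        return true;
    }

    /**
     * Authenticates a user id / password pair and returns the resulting credential token.
     *
     * @param basicAuthData user id and password to check
     * @return the token of the subject's first {@link WSCredential}; a copy of
     *         {@code {0}} when that credential has no token; a copy of {@code {-1}}
     *         when the login produced no subject
     * @throws WSLoginFailedException if the credential is destroyed or expired, if the
     *         subject carries no {@link WSCredential} at all, or if the login raised a
     *         {@link NullPointerException}; the cause is attached in every case
     * @throws RemoteException declared by the remote interface
     */
    @Override // com.ibm.ws.security.server.SecurityServer
    public byte[] token_authenticate(BasicAuthData basicAuthData) throws WSLoginFailedException, RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "token_authenticate");
        }
        try {
            Subject login = loginWithPassword(basicAuthData);
            byte[] token = authen_failure.clone();
            if (login != null) {
                try {
                    Set<WSCredential> credentials = login.getPublicCredentials(WSCredential.class);
                    if (credentials.isEmpty()) {
                        // Previously surfaced as a NoSuchElementException from iterator().next().
                        throw new WSLoginFailedException("Authenticated subject carries no WSCredential.");
                    }
                    token = credentials.iterator().next().getCredentialToken();
                    if (token == null) {
                        token = authen_successful.clone();
                    }
                } catch (CredentialDestroyedException e) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "login CredentialDestroyedException: ", e.getMessage());
                    }
                    throw new WSLoginFailedException(e.getMessage(), e);
                } catch (CredentialExpiredException e) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "login CredentialExpiredException: ", e.getMessage());
                    }
                    throw new WSLoginFailedException(e.getMessage(), e);
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "token_authenticate:success");
            }
            return token;
        } catch (NullPointerException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "login NullPointerException: ", e.getMessage());
            }
            throw new WSLoginFailedException(e.getMessage(), e);
        }
    }

    /**
     * Authenticates an existing credential token.
     *
     * @param str not used by this implementation
     * @param bArr credential token to validate
     * @return {@code bArr} itself when the login produced a subject, otherwise a copy
     *         of {@code {-1}}
     * @throws WSLoginFailedException if the login raised a {@link NullPointerException}
     * @throws RemoteException declared by the remote interface
     */
    @Override // com.ibm.ws.security.server.SecurityServer
    public byte[] token_authenticate(String str, byte[] bArr) throws WSLoginFailedException, RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "token_authenticate");
        }
        try {
            Subject login = this.contextManager.login(this.contextManager.getDefaultRealm(), bArr, this.rmiLoginConfig,
                    (HttpServletRequest) null, (HttpServletResponse) null, (Map) null, (Subject) null);
            byte[] result = (login != null) ? bArr : authen_failure.clone();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "token_authenticate:success");
            }
            return result;
        } catch (NullPointerException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "login NullPointerException: ", e.getMessage());
            }
            throw new WSLoginFailedException(e.getMessage(), e);
        }
    }

    /**
     * Resolves an opaque token from the {@code "WSSecureMap"} distributed map.
     *
     * @param byteArray map key of the opaque token
     * @return a {@code "WS_OPAQUE"} token holder (version 1) for the stored bytes, or
     *         {@code null} when the map is unavailable or holds nothing under the key
     * @throws WSLoginFailedException wrapping any exception from the map access
     * @throws RemoteException declared by the remote interface
     */
    @Override // com.ibm.ws.security.server.SecurityServer
    public TokenHolder getOpaqueToken(ByteArray byteArray) throws WSLoginFailedException, RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getOpaqueToken");
        }
        try {
            byte[] opaque = null;
            DistributedMap map = DistributedMapFactory.getMap("WSSecureMap");
            if (map != null) {
                opaque = (byte[]) map.get(byteArray);
            }
            if (opaque == null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getOpaqueToken returns null.");
                }
                return null;
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getOpaqueToken returns opaque token.");
            }
            return new TokenHolder(opaque, "WS_OPAQUE", 1);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.server.SecurityServerImpl.getOpaqueToken", "298", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "Exception occurred getting opaque token from distributed map.", new Object[]{e});
            }
            throw new WSLoginFailedException(e.getMessage(), e);
        }
    }

    /**
     * Returns the registry selected at construction.
     *
     * @param str not used by this implementation
     * @return the registry, or {@code null} if construction did not complete
     */
    @Override // com.ibm.ws.security.server.SecurityServer
    public UserRegistry getRegistry(String str) throws RemoteException {
        return registry;
    }

    /**
     * Returns the registry object appropriate for in-process use.
     *
     * @param str not used by this implementation
     * @return the remote registry when {@code USE_REMOTE_REGISTRY} is node/cell,
     *         otherwise the local {@link UserRegistryImpl}; either may be {@code null}
     */
    public static UserRegistry getRegistryImpl(String str) {
        return isRemoteRegistry() ? registry : userRegistryImpl;
    }

    /**
     * Returns the realm names served here.
     *
     * @return a single-element list holding the registry's realm; the element is
     *         {@code null} when the registry call failed (it is FFDC'd and logged as
     *         {@code security.secsrv.get.realm}, not rethrown)
     */
    @Override // com.ibm.ws.security.server.SecurityServer
    public List<String> getRealms() {
        String realm = null;
        try {
            realm = registry.getRealm();
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.server.SecurityServerImpl.getRealms", "354", this);
            Tr.error(tc, "security.secsrv.get.realm", new Object[]{e});
        }
        List<String> realms = new ArrayList<String>();
        realms.add(realm);
        return realms;
    }

    /** Narrows a name-space reference to {@link UserRegistry} (RMI-IIOP stub aware). */
    private static UserRegistry narrowRegistry(Object reference) {
        return (UserRegistry) PortableRemoteObject.narrow(reference, UserRegistry.class);
    }

    /**
     * Selects, creates/looks up and binds the user registry; called once by the
     * constructor. Sets {@link #remoteReg} from {@code CommonConstants.USE_REMOTE_REGISTRY}
     * and dispatches to {@link #bindRemoteRegistry()} or {@link #createLocalRegistry()}.
     *
     * @return the registry to publish through {@link #getRegistry}
     * @throws CustomRegistryException if the local registry fails to initialise
     * @throws NamingException if a name-space operation fails
     * @throws Exception any other failure from the selected path (already FFDC'd and logged)
     */
    private UserRegistry getUserRegistry() throws CustomRegistryException, NamingException, Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUserRegistry");
        }
        remoteReg = (String) SecurityConfig.getConfig().getValue(CommonConstants.USE_REMOTE_REGISTRY);
        UserRegistry userRegistry = isRemoteRegistry() ? bindRemoteRegistry() : createLocalRegistry();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUserRegistry");
        }
        return userRegistry;
    }

    /**
     * Local-registry path of {@link #getUserRegistry()}: assembles the registry
     * properties (expanded active-registry props, then LDAP props plus the SSL
     * settings, then custom registry props -- later sources override earlier keys),
     * creates and initialises {@link #userRegistryImpl}, and re-binds it in the name
     * space under {@code Constants.USER_REGISTRY}. On a z/OS servant JVM the local
     * instance is returned without binding.
     *
     * @return the registry narrowed back from the name space (or the local instance
     *         on a z/OS servant)
     * @throws CustomRegistryException if registry initialisation fails
     * @throws NamingException if the initial context, the rebind or the lookup fails
     * @throws Exception anything else from initialisation or narrowing; every failure is
     *         FFDC'd and logged at the level it occurred before being rethrown
     */
    private UserRegistry createLocalRegistry() throws CustomRegistryException, NamingException, Exception {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "creating user registry");
        }
        Properties registryProps = SecurityConfig.expandProps(
                (Properties) SecurityConfig.getConfig().getValue("security.activeUserRegistry.props"));
        Properties ldapProps = (Properties) SecurityConfig.getConfig().getValue("security.registry.ldap.props");
        if (ldapProps != null) {
            registryProps.putAll(ldapProps);
            // NOTE(review): a missing SSLEnabled setting fails here with an NPE, which the
            // constructor turns into a RemoteException; the server then does not start
            // with an unconfigured LDAP registry rather than silently running without SSL.
            Boolean sslEnabled = (Boolean) SecurityConfig.getConfig().getValue("security.registry.ldap.SSLEnabled");
            registryProps.put("sslEnabled", sslEnabled);
            if (sslEnabled.booleanValue()) {
                registryProps.put("sslConfig",
                        (Properties) SecurityConfig.getConfig().getValue("security.registry.ldap.SSLConfig"));
            }
        }
        Properties customProps = (Properties) SecurityConfig.getConfig().getValue("CustomerUserRegistryProps");
        if (customProps != null) {
            registryProps.putAll(customProps);
        }
        try {
            userRegistryImpl = new UserRegistryImpl();
            userRegistryImpl.initialize(registryProps);
            if (this.contextManager.getPlatformHelper().isZOS()) {
                if (this.contextManager.getPlatformHelper().isServantJvm()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "In SR, Using Local version of userRegistryImpl");
                    }
                    // Servant regions use the in-process object directly; no name-space binding.
                    return userRegistryImpl;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Not in the  SR, getting the InitialContext ");
                }
            }
            try {
                InitialContext initialContext = new InitialContext();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Once I have the IntCtx, issue a rebind on it ");
                }
                try {
                    initialContext.rebind(com.ibm.ws.security.util.Constants.USER_REGISTRY, userRegistryImpl);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Once rebind, narrow the PortRemoteObj ");
                    }
                    try {
                        return narrowRegistry(initialContext.lookup(com.ibm.ws.security.util.Constants.USER_REGISTRY));
                    } catch (Exception e) {
                        FFDCFilter.processException(e, "com.ibm.ws.security.server.SecurityServerImpl.getUserRegistry", "557", this);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Failed to find user registry in name space");
                        }
                        Tr.error(tc, "security.secsrv.find.registry", new Object[]{e});
                        throw e;
                    }
                } catch (NamingException e) {
                    FFDCFilter.processException(e, "com.ibm.ws.security.server.SecurityServerImpl.getUserRegistry", "539", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Error binding User Registry");
                    }
                    Tr.error(tc, "security.secsrv.bind.registry", new Object[]{e});
                    throw e;
                }
            } catch (NamingException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.server.SecurityServerImpl.getUserRegistry", "527", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Failed to get initial Naming Context");
                }
                Tr.error(tc, "security.secsrv.get.initCtx", new Object[]{e});
                throw e;
            }
        } catch (CustomRegistryException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.server.SecurityServerImpl.getUserRegistry", "485", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error creating User Registry");
            }
            Tr.error(tc, "security.secsrv.create.registry", new Object[]{e});
            throw e;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.server.SecurityServerImpl.getUserRegistry", "495", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error creating User Registry");
            }
            Tr.error(tc, "security.secsrv.create.registry", new Object[]{e});
            throw e;
        }
    }

    /**
     * Remote-registry path of {@link #getUserRegistry()}: looks up the node agent's
     * ({@code "thisNode/nodeAgent/UserRegistry"}) or the deployment manager's
     * ({@code "cell/deploymentManager/UserRegistry"}) registry, re-binds that reference
     * under {@code Constants.USER_REGISTRY} and reads it back from the name space.
     *
     * @return the registry narrowed from the local binding
     * @throws NamingException if the initial context, the rebind or a lookup fails
     * @throws Exception anything else from lookup or narrowing; every failure is FFDC'd
     *         and logged at the level it occurred before being rethrown
     */
    private UserRegistry bindRemoteRegistry() throws NamingException, Exception {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "using remote user registry");
        }
        try {
            InitialContext initialContext = new InitialContext();
            try {
                Object remoteRegistry;
                if (remoteReg.equalsIgnoreCase("node")) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "looking up node's registry");
                    }
                    remoteRegistry = initialContext.lookup("thisNode/nodeAgent/UserRegistry");
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "looking up cell's registry");
                    }
                    remoteRegistry = initialContext.lookup("cell/deploymentManager/UserRegistry");
                }
                try {
                    initialContext.rebind(com.ibm.ws.security.util.Constants.USER_REGISTRY, narrowRegistry(remoteRegistry));
                    try {
                        UserRegistry bound = narrowRegistry(
                                initialContext.lookup(com.ibm.ws.security.util.Constants.USER_REGISTRY));
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "looked up local UserRegistry");
                        }
                        return bound;
                    } catch (Exception e) {
                        FFDCFilter.processException(e, "com.ibm.ws.security.server.SecurityServerImpl.getUserRegistry", "435", this);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Failed to find user registry in name space");
                        }
                        Tr.error(tc, "security.secsrv.find.registry", new Object[]{e});
                        throw e;
                    }
                } catch (NamingException e) {
                    FFDCFilter.processException(e, "com.ibm.ws.security.server.SecurityServerImpl.getUserRegistry", "418", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Error binding User Registry");
                    }
                    Tr.error(tc, "security.secsrv.bind.registry", new Object[]{e});
                    throw e;
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.server.SecurityServerImpl.getUserRegistry", "406", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Failed to find user registry in name space");
                }
                Tr.error(tc, "security.secsrv.find.registry", new Object[]{e});
                throw e;
            }
        } catch (NamingException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.server.SecurityServerImpl.getUserRegistry", "384", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Failed to get initial Naming Context");
            }
            Tr.error(tc, "security.secsrv.get.initCtx", new Object[]{e});
            throw e;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Installs the role-based configurator, once: obtains the {@code ADMIN_APP}/"domain"
     * authorizer (failures are FFDC'd and logged as
     * {@code security.secsrv.get.RoleBasedAuthorizer}, not rethrown) and forwards the
     * configurator to the local registry when one exists. Does nothing if an authorizer
     * is already set.
     *
     * @param roleBasedConfigurator source of the authorizer
     */
    public void setConfigurator(RoleBasedConfigurator roleBasedConfigurator) {
        if (authorizer != null) {
            return;
        }
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "To get RoleBasedConfigurator");
            }
            authorizer = roleBasedConfigurator.getRoleBasedAuthorizer(com.ibm.ws.security.util.Constants.ADMIN_APP, "domain");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "got RoleBasedAuthorizer");
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.server.SecurityServerImpl.setConfigurator", "582", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception caught retrieving RoleBasedAuthorizer");
            }
            Tr.error(tc, "security.secsrv.get.RoleBasedAuthorizer", new Object[]{e});
        }
        // Forwarded even when the authorizer lookup above failed, as before.
        if (userRegistryImpl != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "to set configurator for registry");
            }
            userRegistryImpl.setConfigurator(roleBasedConfigurator);
        }
    }
}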
