package com.ibm.ws.security.web;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.config.AuthMechanismConfig;
import com.ibm.ws.security.config.DynamicTAI;
import com.ibm.ws.security.config.InterceptorsConfig;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.config.TrustAssociationConfig;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.wsspi.management.agent.AdminSubsystemExtensionHandler;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/web/TrustAssociationManager.class */
public class TrustAssociationManager {
    public static final String TRUSTED_SERVER_TYPE_WEBSEAL36 = "WebSeal3.6";
    private String domainID;
    private String firstPassList = "";
    private TAIWrapper[] interceptors = null;
    private int interceptorCount = 0;
    private boolean isTrustAssociationEnabled = false;
    private static HashMap<String, TrustAssociationManager> _cache = new HashMap<>();
    private static TraceComponent tc = Tr.register((Class<?>) TrustAssociationManager.class, (String) null, AdminConstants.MSG_BUNDLE_NAME);

    static void setInstance(TrustAssociationManager trustAssociationManager, String str) {
        _cache.put(str, trustAssociationManager);
    }

    public static TrustAssociationManager getInstance() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getInstance");
        }
        String domainId = SecurityObjectLocator.getSecurityConfigManager().getDomainId();
        TrustAssociationManager trustAssociationManager = _cache.get(domainId);
        if (trustAssociationManager != null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "returning cached instance: " + trustAssociationManager);
            }
            return trustAssociationManager;
        }
        TrustAssociationManager trustAssociationManager2 = new TrustAssociationManager();
        _cache.put(domainId, trustAssociationManager2);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "updated the cache with: " + domainId + ", " + trustAssociationManager2);
        }
        return trustAssociationManager2;
    }

    private TrustAssociationManager() {
        initialize();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TAIWrapper getInterceptor(HttpServletRequest httpServletRequest, boolean z) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getInterceptor()", this.domainID);
        }
        for (int i = 0; i < this.interceptorCount; i++) {
            TAIWrapper tAIWrapper = this.interceptors[i];
            if ((z && this.firstPassList.indexOf(tAIWrapper.getClassName()) != -1) || (!z && this.firstPassList.indexOf(tAIWrapper.getClassName()) == -1)) {
                try {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Check if target interceptor [" + i + "]: " + tAIWrapper.getName() + " ...");
                    }
                    if (tAIWrapper.isTargetInterceptor(httpServletRequest)) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Found interceptor: " + tAIWrapper.getName());
                        }
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "getInterceptor()");
                        }
                        return tAIWrapper;
                    }
                    continue;
                } catch (Exception e) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "interceptor " + tAIWrapper.getName() + " throws exception", e);
                    }
                    FFDCFilter.processException(e, "com.ibm.ws.security.web.TrustAssociationManager.getInterceptor", "139");
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Interceptor " + tAIWrapper.getClassName() + " skipped.  First pass list = '" + this.firstPassList + "' First pass: " + z);
            }
        }
        List<DynamicTAI> interceptors = SecurityObjectLocator.getDynamicTAIConfig().getInterceptors();
        for (int i2 = 0; i2 < interceptors.size(); i2++) {
            DynamicTAI dynamicTAI = interceptors.get(i2);
            if (!dynamicTAI.isLoaded()) {
                ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
                if (contextClassLoader == null) {
                    Tr.error(tc, "security.web.ta.classloaderr");
                    this.isTrustAssociationEnabled = false;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "class loader failed to load admin domain interceptor");
                    }
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Loading dynamic TAI: " + dynamicTAI.getTAIClassName());
                    }
                    Object loadInterceptor = loadInterceptor(dynamicTAI.getTAIClassName(), dynamicTAI.getTAIProperties(), contextClassLoader);
                    if (loadInterceptor != null) {
                        dynamicTAI.setLoadedTAIInterceptor(new TAIWrapper(loadInterceptor));
                    }
                }
            }
            TAIWrapper tAIWrapper2 = (TAIWrapper) dynamicTAI.getLoadedTAIInterceptor();
            if (z) {
                try {
                } catch (Exception e2) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "dynamic interceptor " + tAIWrapper2.getName() + " throws exception", e2);
                    }
                    FFDCFilter.processException(e2, "com.ibm.ws.security.web.TrustAssociationManager.getInterceptor", "205");
                }
                if (!dynamicTAI.isFirstPass()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Dynamic interceptor " + tAIWrapper2.getName() + " is not executing on the first pass ...");
                    }
                }
            }
            if (z || !dynamicTAI.isFirstPass()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Check if dynamic interceptor " + tAIWrapper2.getName() + " is target interceptor ...");
                }
                if (tAIWrapper2.isTargetInterceptor(httpServletRequest)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Found dynamic interceptor: " + tAIWrapper2.getName());
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "getInterceptor()");
                    }
                    return tAIWrapper2;
                }
                continue;
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Dynamic interceptor " + tAIWrapper2.getName() + " is not executing on the second pass ...");
            }
        }
        if (!tc.isEntryEnabled()) {
            return null;
        }
        Tr.exit(tc, "getInterceptor");
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isTrustAssociationEnabled() {
        return this.isTrustAssociationEnabled || SecurityObjectLocator.getDynamicTAIConfig().getInterceptors().size() > 0;
    }

    int getInterceptorsCount() {
        return this.interceptorCount;
    }

    private void do_cleanTAInterceptors() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "do_cleanTAInterceptors", this.domainID);
        }
        for (int i = 0; i < this.interceptorCount; i++) {
            this.interceptors[i].cleanup();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "do_cleanTAInterceptors", this.domainID);
        }
    }

    public void cleanTAInterceptors() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "cleanTAInterceptors");
        }
        Iterator<TrustAssociationManager> it = _cache.values().iterator();
        while (it.hasNext()) {
            it.next().do_cleanTAInterceptors();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "cleanTAInterceptors");
        }
    }

    private void initialize() {
        SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig();
        this.domainID = securityConfig.getDomain();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, AdminSubsystemExtensionHandler.INITIALIZE, this.domainID);
        }
        String type = securityConfig.getActiveAuthMechanism().getType();
        if (type.equals("LTPA") || type.equals(AuthMechanismConfig.TYPE_KERBEROS)) {
            TrustAssociationConfig trustAssociation = securityConfig.getTrustAssociation();
            if (trustAssociation != null ? trustAssociation.getBoolean("enabled") : false) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Trust Association enabled: Trying to load the interceptors");
                }
                this.firstPassList = securityConfig.getProperty("com.ibm.websphere.security.InvokeTAIbeforeSSO");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "First pass list: " + this.firstPassList);
                }
                try {
                    List<InterceptorsConfig> interceptors = securityConfig.getTrustAssociation().getInterceptors();
                    if (interceptors.size() == 0) {
                        this.isTrustAssociationEnabled = false;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "No interceptors provided for Trust Association");
                        }
                    } else {
                        ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
                        if (contextClassLoader == null) {
                            Tr.error(tc, "security.web.ta.classloaderr");
                            this.isTrustAssociationEnabled = false;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "class loader failed to load admin domain interceptor");
                            }
                        } else {
                            ArrayList arrayList = new ArrayList(interceptors.size());
                            for (int i = 0; i < interceptors.size(); i++) {
                                InterceptorsConfig interceptorsConfig = interceptors.get(i);
                                String string = interceptorsConfig.getString("interceptorClassName");
                                Properties trustProperties = interceptorsConfig.getTrustProperties();
                                if (trustProperties == null) {
                                    trustProperties = new Properties();
                                }
                                Object loadInterceptor = loadInterceptor(string, trustProperties, contextClassLoader);
                                if (loadInterceptor != null) {
                                    arrayList.add(loadInterceptor);
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Adding Interceptor: " + string);
                                    }
                                }
                            }
                            this.interceptorCount = arrayList.size();
                            if (this.interceptorCount != 0) {
                                this.interceptors = new TAIWrapper[this.interceptorCount];
                                for (int i2 = 0; i2 < this.interceptorCount; i2++) {
                                    this.interceptors[i2] = new TAIWrapper(arrayList.get(i2));
                                }
                                this.isTrustAssociationEnabled = true;
                            } else {
                                this.isTrustAssociationEnabled = false;
                            }
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Number of Interceptors added are: " + this.interceptorCount);
                            }
                        }
                    }
                } catch (Exception e) {
                    FFDCFilter.processException(e, "com.ibm.ws.security.web.TrustAssociationManager.initialize", "207", this);
                    this.isTrustAssociationEnabled = false;
                    Tr.error(tc, "security.web.ta.initerr", new Object[]{null, e});
                }
            } else {
                this.isTrustAssociationEnabled = false;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Trust Association not enabled");
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, AdminSubsystemExtensionHandler.INITIALIZE);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:81:0x0346  */
    /* JADX WARN: Removed duplicated region for block: B:83:? A[RETURN, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.lang.Object loadInterceptor(java.lang.String r8, java.util.Properties r9, java.lang.ClassLoader r10) {
        /*
            Method dump skipped, instructions count: 848
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.web.TrustAssociationManager.loadInterceptor(java.lang.String, java.util.Properties, java.lang.ClassLoader):java.lang.Object");
    }
}
