package com.ibm.ws.security.util;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.models.config.ipc.EndPoint;
import com.ibm.websphere.models.config.security.LDAPUserRegistry;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import java.net.InetAddress;
import java.util.Properties;
import org.apache.commons.httpclient.cookie.CookiePolicy;
import org.eclipse.emf.common.util.EList;

/* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/util/SecurityConfigurationUtilities.class */
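/**
 * Translates an {@link LDAPUserRegistry} configuration object into the flat
 * {@link Properties} set built by {@link #setLDAPProperties(LDAPUserRegistry)}.
 *
 * <p>Security note: the returned properties contain the server password and the
 * bind password as returned by the configuration object (after variable
 * expansion). Only trace or log them through {@code ConfigUtils.maskPasswords},
 * as the exit trace of {@code setLDAPProperties} does.
 */
public class SecurityConfigurationUtilities {
    private static final TraceComponent tc = Tr.register((Class<?>) SecurityConfigurationUtilities.class, "Security", AdminConstants.MSG_BUNDLE_NAME);

    /**
     * Builds the LDAP registry properties from the given configuration object.
     *
     * <p>The result carries the server id and password, the optional realm, the
     * search-filter settings, the certificate map mode, the JNDI provider URL
     * assembled from the configured hosts, the base DN, the bind DN and bind
     * password, the directory type and the registry implementation class.
     *
     * @param lDAPUserRegistry the LDAP registry configuration to read
     * @return a new {@link Properties} object; it contains credentials and must
     *         be masked before it is written to any trace or log
     */
    public static Properties setLDAPProperties(LDAPUserRegistry lDAPUserRegistry) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setLDAPProperties ");
        }
        Properties properties = new Properties();
        properties.put("LDAP.server.id", ConfigUtils.variableMapExpand(lDAPUserRegistry.getServerId()));

        // The password key is always present; a missing password becomes "".
        String serverPassword = lDAPUserRegistry.getServerPassword();
        properties.put("LDAP.server.pwd", serverPassword != null ? ConfigUtils.variableMapExpand(serverPassword) : "");

        String realm = lDAPUserRegistry.getRealm();
        if (realm != null && realm.length() > 0) {
            properties.put("LDAP.server.realm", ConfigUtils.variableMapExpand(realm));
        }

        // The search filter is optional. Check it once, before any dereference,
        // so a registry without one is reported in the trace instead of failing
        // with a NullPointerException.
        boolean hasSearchFilter = lDAPUserRegistry.getSearchFilter() != null;
        if (hasSearchFilter) {
            String userFilter = lDAPUserRegistry.getSearchFilter().getUserFilter();
            if (userFilter != null) {
                properties.put("user.filter", userFilter);
            }
            String groupFilter = lDAPUserRegistry.getSearchFilter().getGroupFilter();
            if (groupFilter != null) {
                properties.put("group.filter", groupFilter);
            }
            String groupIdMap = lDAPUserRegistry.getSearchFilter().getGroupIdMap();
            if (groupIdMap != null) {
                properties.put("group.idmap", groupIdMap);
            }
            String userIdMap = lDAPUserRegistry.getSearchFilter().getUserIdMap();
            if (userIdMap != null) {
                properties.put("user.idmap", userIdMap);
            }
            String groupMemberIdMap = lDAPUserRegistry.getSearchFilter().getGroupMemberIdMap();
            if (groupMemberIdMap != null) {
                properties.put("groupmember.idmap", groupMemberIdMap);
            }
        }

        properties.put(CommonConstants.LDAP_SEARCH_TIME_LIMIT, Long.toString(lDAPUserRegistry.getSearchTimeout()));
        properties.put(CommonConstants.LDAP_REUSE_CONN, Boolean.toString(lDAPUserRegistry.isReuseConnection()));

        if (hasSearchFilter) {
            switch (lDAPUserRegistry.getSearchFilter().getCertificateMapMode().getValue()) {
                case 0:
                    properties.put("certificate.map.mode", "exactDNMode");
                    break;
                case 1:
                    properties.put("certificate.map.mode", "filterDescriptorMode");
                    if (lDAPUserRegistry.getSearchFilter().getCertificateFilter() == null) {
                        // Filter mode without a filter: the mode is still recorded and a
                        // warning is issued; no "certificate.map.filter" key is written.
                        Tr.warning(tc, "security.config.missingAttributeCertFilter");
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "No CertificateFilter specified. Mandatory for Certificate Mode CERTIFICATE_FILTER");
                        }
                    } else {
                        properties.put("certificate.map.filter", lDAPUserRegistry.getSearchFilter().getCertificateFilter());
                    }
                    break;
                default:
                    // Any other mode value writes no certificate mapping properties.
                    break;
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "LDAP registry search filter info missing");
        }

        EList<EndPoint> hosts = lDAPUserRegistry.getHosts();
        if (hosts != null && !hosts.isEmpty()) {
            // Space-separated list of ldap:// URLs collected over all endpoints.
            String providerUrl = "";
            for (EndPoint endPoint : hosts) {
                String host = ConfigUtils.variableMapExpand(endPoint.getHost());
                if (host == null) {
                    // No usable host name: nothing to build a URL from.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "LDAP host entry has no host name; skipping");
                    }
                    continue;
                }

                String port = "";
                try {
                    int portNumber = endPoint.getPort();
                    if (portNumber > 0) {
                        port = Integer.toString(portNumber);
                    }
                } catch (Exception ignored) {
                    // Best effort: an unreadable port leaves the URL without a port suffix.
                }

                // These two keys are overwritten on every iteration, so they end up
                // describing the last endpoint that supplied a value.
                if (!host.equals("")) {
                    properties.put("com.ibm.ssl.remoteHost", host);
                }
                if (!port.equals("")) {
                    properties.put("com.ibm.ssl.remotePort", port);
                }

                if (host.startsWith("ldap://")) {
                    host = host.substring("ldap://".length());
                }
                if (ConfigUtils.isIPv6Addr(host)) {
                    host = ConfigUtils.formatIPv6Addr(host);
                }

                // NOTE(review): every entry is written with the ldap:// scheme. Whether
                // the connection is protected by TLS is not decided in this method -
                // presumably by SSL settings applied elsewhere; confirm.
                StringBuilder endpointUrls = new StringBuilder();
                endpointUrls.append("ldap://").append(host);
                if (port.length() > 0) {
                    endpointUrls.append(":").append(port);
                }

                boolean expandAddresses = true;
                Properties customProperties = ConfigUtils.getProperties(lDAPUserRegistry.getProperties());
                if (customProperties != null) {
                    String singleLdap = (String) customProperties.get("com.ibm.websphere.security.registry.ldap.singleLDAP");
                    if (singleLdap != null && singleLdap.equalsIgnoreCase("true")) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "com.ibm.websphere.security.registry.ldap.singleLDAP property is set to true");
                        }
                        expandAddresses = false;
                    }
                }

                if (expandAddresses && host.length() > 0) {
                    // Every address the resolver returns right now is added to the
                    // provider URL, so the bind credentials may later be presented to
                    // any of them. The singleLDAP custom property turns this off.
                    try {
                        InetAddress[] addresses = InetAddress.getAllByName(host);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, host + " has " + addresses.length + " IP addresses");
                        }
                        if (addresses.length > 1) {
                            StringBuilder traceMessage = new StringBuilder(host);
                            traceMessage.append(" has multiple IP addresses of ");
                            for (InetAddress address : addresses) {
                                String hostAddress = address.getHostAddress();
                                if (ConfigUtils.isIPv6Addr(hostAddress)) {
                                    hostAddress = ConfigUtils.formatIPv6Addr(hostAddress);
                                }
                                traceMessage.append(" ").append(hostAddress).append(",");
                                endpointUrls.append(" ldap://").append(hostAddress);
                                if (port.length() > 0) {
                                    endpointUrls.append(":").append(port);
                                }
                            }
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, traceMessage.toString());
                            }
                        }
                    } catch (Exception e) {
                        // Resolution failure is not fatal: the configured name stays in the URL.
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Could not resolve IP address of LDAP host name:" + host);
                        }
                    }
                }

                String candidate = endpointUrls.toString();
                if (providerUrl.isEmpty()) {
                    providerUrl = candidate;
                } else if (!(" " + providerUrl + " ").contains(" " + candidate + " ")) {
                    // Compare on whole space-delimited entries: a plain substring test
                    // would treat "ldap://h:389" as already present in "ldap://h:3890"
                    // and silently drop a distinct server.
                    providerUrl = providerUrl + " " + candidate;
                }
            }
            properties.put("java.naming.provider.url", providerUrl);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "new LDAP host is " + providerUrl);
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "LDAP server host and port info missing");
        }

        String baseDN = lDAPUserRegistry.getBaseDN();
        if (baseDN != null && baseDN.length() > 0) {
            properties.put("ldap.basedn", ConfigUtils.variableMapExpand(baseDN));
        }
        String bindDN = lDAPUserRegistry.getBindDN();
        if (bindDN != null && bindDN.length() > 0) {
            properties.put("java.naming.security.principal", ConfigUtils.variableMapExpand(bindDN));
        }
        // Credential: stored in the result as returned by the configuration after
        // variable expansion. Never trace this value directly.
        String bindPassword = lDAPUserRegistry.getBindPassword();
        if (bindPassword != null && bindPassword.length() > 0) {
            properties.put("java.naming.security.credentials", ConfigUtils.variableMapExpand(bindPassword));
        }

        if (lDAPUserRegistry.getType() != null) {
            switch (lDAPUserRegistry.getType().getValue()) {
                case 0:
                    properties.put("dirType", "ibm_dir_server");
                    break;
                case 1:
                    properties.put("dirType", "secureway");
                    break;
                case 2:
                    properties.put("dirType", "iplanet");
                    break;
                case 3:
                    // NOTE(review): a cookie-policy constant used as a directory type name
                    // looks like a decompiler substitution for a string literal - confirm.
                    properties.put("dirType", CookiePolicy.NETSCAPE);
                    break;
                case 4:
                    properties.put("dirType", "domino50");
                    break;
                case 5:
                    properties.put("dirType", "edirectory");
                    break;
                case 6:
                    properties.put("dirType", "actived");
                    break;
                case 7:
                    properties.put("dirType", "custom");
                    break;
                default:
                    // Unrecognised type values leave "dirType" unset.
                    break;
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Unknow LDAP registry type");
        }
        properties.put("CustUserRegImplClass", CommonConstants.LDAP_REG_IMPL_CLASS);
        if (tc.isEntryEnabled()) {
            // The property set holds passwords, so it is traced only in masked form.
            Tr.exit(tc, "setLDAPProperties " + ConfigUtils.maskPasswords(properties));
        }
        return properties;
    }
}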
