package com.ibm.websphere.management.authorizer;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.websphere.management.ObjectNameHelper;
import com.ibm.websphere.security.ProviderFailureException;
import com.ibm.ws.management.util.DebugUtils;
import com.ibm.ws.security.audit.utils.DataHelper;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.sm.workspace.impl.WorkSpaceConstant;
import com.ibm.wsspi.security.audit.AuditOutcome;
import com.ibm.wsspi.security.audit.AuditService;
import com.ibm.wsspi.security.audit.ContextHandler;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
import javax.management.ObjectName;
import org.apache.commons.httpclient.cookie.Cookie2;

/* loaded from: input_file:wasJars/com.ibm.ws.admin.core.jar:com/ibm/websphere/management/authorizer/SecurityAuditingHelper.class */
public class SecurityAuditingHelper {
    private static TraceComponent tc = Tr.register((Class<?>) SecurityAuditingHelper.class, "SecurityAuditingHelper", "com.ibm.websphere.management.authorizer");
    private static SecurityAuditingHelper secAuditHepler = new SecurityAuditingHelper();
    private static AuditService auditService = null;
    public static final String SA_ACTION_EXECUTE_COMMAND = "execute command";
    public static final String SA_ACTION_CREATE_SESSION = "create session";
    public static final String SA_ACTION_SAVE_SESSION = "save session";
    public static final String SA_ACTION_DISCARD_SESSION = "discard session";
    public static final String SA_ACTION_PROCESS_PARAM = "process task parameters";
    public static final String SA_ACTION_PREINVOKE_MBEAN = "preinvoke MBean";
    public static final String SA_ACTION_RESOURCE_ADDED = "add resource";
    public static final String SA_ACTION_RESOURCE_MODIFIED = "modify resource";
    public static final String SA_ACTION_RESOURCE_DELETED = "delete resource";
    public static final String SA_ACTION_RESOURCE_ACCESS = "access resource";
    public static final String SA_ACTION_APPLICATION_INSTALL = "install application";
    public static final String SA_ACTION_APPLICATION_EDIT = "edit application";
    public static final String SA_ACTION_APPLICATION_UPDATE = "update application";
    private static final String SA_RES_TYPE_COMMAND = "SM_COMMAND";
    private static final String SA_RES_TYPE_SESSION = "SM_SESSION";
    private static final String SA_RES_TYPE_MBEAN = "SM_MBEAN";
    private static final String SA_RES_TYPE_REPOSITORY = "SM_REPOSITORY";
    private static final String SA_RES_TYPE_APPLICATION = "SM_APPLICATION";
    private static final String SA_VALUE_NOT_AVAILABLE = "N/A";

    /* loaded from: input_file:wasJars/com.ibm.ws.admin.core.jar:com/ibm/websphere/management/authorizer/SecurityAuditingHelper$DeploymentAction.class */
    public enum DeploymentAction {
        INSTALL,
        UPDATE,
        EDIT
    }

    private SecurityAuditingHelper() {
    }

    private static void initialize() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initialize, auditService: " + auditService);
        }
        if (auditService == null) {
            auditService = ContextManagerFactory.getInstance().getAuditService();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initialize, auditService: " + auditService);
        }
    }

    private ContextHandler getContextHandler() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getContextHandler, auditService: " + auditService);
        }
        ContextHandler contextHandler = null;
        if (auditService != null) {
            contextHandler = auditService.getContextHandler();
            if (contextHandler == null) {
                Manager.Ffdc.log(new NullPointerException("AuditService returns a null ContextHandler object."), secAuditHepler, "com.ibm.websphere.management.authorizer.SecurityAuditingHelper", "80");
                Tr.error(tc, "security.audit.service.context.error");
                auditService.processAuditFailure("security.audit.service.context.error", null);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getContextHandler, auditService: " + auditService + ", returns contextHandler: " + contextHandler);
        }
        return contextHandler;
    }

    public static SecurityAuditingHelper getInstance() {
        initialize();
        return secAuditHepler;
    }

    public void logSecurityAuditForCommand(boolean z, String str, String str2, String str3, String str4, List list) {
        String str5;
        String str6;
        String str7;
        long j;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "logSecurityAuditForCommand, cmdName: " + str2, new Object[]{Boolean.valueOf(z), str, str2, str3, str4, list});
        }
        if (z) {
            str5 = AuditOutcome.SUCCESSFUL;
            str6 = "SUCCESS";
            str7 = "SUCCESS";
            j = 6;
        } else {
            str5 = AuditOutcome.UNSUCCESSFUL;
            str6 = "DENIED";
            str7 = "DENIED";
            j = 17;
        }
        if (tc.isDebugEnabled() && auditService != null) {
            Tr.debug(tc, "isEventRequired for SECURITY_RESOURCE_ACCESS? SUCCESS: " + auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", "SUCCESS") + ", DENIED: " + auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", "DENIED") + ", INFO: " + auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", "INFO") + ", ERROR: " + auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", "ERROR"));
        }
        ContextHandler contextHandler = getContextHandler();
        if (auditService != null && contextHandler != null && auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", str6)) {
            String[] strArr = (String[]) list.toArray(new String[list.size()]);
            if (strArr.length == 0) {
                strArr = new String[]{SA_VALUE_NOT_AVAILABLE};
            }
            setDefaultContextData(contextHandler);
            setSessionContextData(contextHandler, str3);
            setAccessContextData(contextHandler, z, str, str2, str4, SA_RES_TYPE_COMMAND, strArr);
            setResponseContextData(contextHandler, SA_VALUE_NOT_AVAILABLE);
            ConcurrentHashMap buildOutcomeData = DataHelper.buildOutcomeData(str5, new Integer(0), new Integer(0), str7, j);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "auditOutcome: " + buildOutcomeData);
            }
            try {
                auditService.sendEvent("SECURITY_RESOURCE_ACCESS", buildOutcomeData);
            } catch (ProviderFailureException e) {
                Tr.error(tc, "logSecurityAuditForCommand, security.JSAS1503E", new Object[]{e});
                auditService.processAuditFailure("security.audit.service.sendevent.error", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "logSecurityAuditForCommand, cmdName: " + str2);
        }
    }

    public void logSecurityAuditForMBean(boolean z, ObjectName objectName, String str, String str2, String str3) {
        logSecurityAuditForMBean(z, objectName, str, str2, str3, null, null);
    }

    public void logSecurityAuditForMBean(boolean z, ObjectName objectName, String str, String str2, String str3, String[] strArr, String[] strArr2) {
        String str4;
        String str5;
        String str6;
        long j;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "logSecurityAuditForMBean, MBeanName: " + objectName, new Object[]{Boolean.valueOf(z), objectName, DebugUtils.hidePassword(str), str2, str3, strArr, strArr2});
            Tr.debug(tc, "resNames: " + stringArrayToArrayList(strArr) + ", resTypes: " + stringArrayToArrayList(strArr2));
        }
        if (z) {
            str4 = AuditOutcome.SUCCESSFUL;
            str5 = "SUCCESS";
            str6 = "SUCCESS";
            j = 6;
        } else {
            str4 = AuditOutcome.UNSUCCESSFUL;
            str5 = "DENIED";
            str6 = "DENIED";
            j = 17;
        }
        if (tc.isDebugEnabled() && auditService != null) {
            Tr.debug(tc, "isEventRequired for SECURITY_RESOURCE_ACCESS? SUCCESS: " + auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", "SUCCESS") + ", DENIED: " + auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", "DENIED") + ", INFO: " + auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", "INFO") + ", ERROR: " + auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", "ERROR"));
        }
        ContextHandler contextHandler = getContextHandler();
        if (auditService != null && contextHandler != null && auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", str5)) {
            String[] strArr3 = {SA_VALUE_NOT_AVAILABLE};
            String mBeanType = ObjectNameHelper.getMBeanType(objectName);
            if (str2 == null) {
                str2 = SA_VALUE_NOT_AVAILABLE;
            }
            if (mBeanType == null) {
                mBeanType = objectName.toString();
            }
            String mBeanIdentifier = ObjectNameHelper.getMBeanIdentifier(objectName);
            if (mBeanIdentifier != null && mBeanIdentifier.contains("/")) {
                mBeanType = mBeanType + " (module)";
            }
            setDefaultContextData(contextHandler);
            setSessionContextData(contextHandler, str2);
            int indexOf = str.indexOf("(");
            setAccessContextData(contextHandler, z, mBeanType, str, indexOf > 0 ? str3 + " " + mBeanType + ":" + str.substring(0, indexOf) : str3 + " " + mBeanType + ":" + str, SA_RES_TYPE_MBEAN, strArr3);
            setResponseContextData(contextHandler, SA_VALUE_NOT_AVAILABLE);
            ConcurrentHashMap buildOutcomeData = DataHelper.buildOutcomeData(str4, new Integer(0), new Integer(0), str6, j);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "auditOutcome: " + buildOutcomeData);
            }
            try {
                auditService.sendEvent("SECURITY_RESOURCE_ACCESS", buildOutcomeData);
            } catch (ProviderFailureException e) {
                Tr.error(tc, "logSecurityAuditForMBean, security.JSAS1503E", new Object[]{e});
                auditService.processAuditFailure("security.audit.service.sendevent.error", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "logSecurityAuditForMBean, MBeanName: " + objectName);
        }
    }

    public void logSecurityAuditForRepository(boolean z, String str, String str2, String str3, String str4) {
        String str5;
        String str6;
        String str7;
        long j;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "logSecurityAuditForRepository, url: " + str4, new Object[]{Boolean.valueOf(z), str2, str3, str4});
        }
        if (z) {
            str5 = AuditOutcome.SUCCESSFUL;
            if (str2 == SA_ACTION_RESOURCE_ACCESS) {
                str6 = "SUCCESS";
                str7 = "SUCCESS";
                j = 6;
            } else {
                str6 = "INFO";
                str7 = "INFO";
                j = 6;
            }
        } else {
            str5 = AuditOutcome.UNSUCCESSFUL;
            if (str2 == SA_ACTION_RESOURCE_ACCESS) {
                str6 = "DENIED";
                str7 = "DENIED";
                j = 17;
            } else {
                str6 = "ERROR";
                str7 = "ERROR";
                j = 14;
            }
        }
        if (tc.isDebugEnabled() && auditService != null) {
            Tr.debug(tc, "isEventRequired for SECURITY_RESOURCE_ACCESS? SUCCESS: " + auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", "SUCCESS") + ", DENIED: " + auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", "DENIED") + ", INFO: " + auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", "INFO") + ", ERROR: " + auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", "ERROR"));
        }
        ContextHandler contextHandler = getContextHandler();
        if (auditService != null && contextHandler != null && auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", str6)) {
            String[] strArr = {str3};
            int lastIndexOf = str4.lastIndexOf(47);
            String substring = lastIndexOf >= 0 ? str4.substring(lastIndexOf + 1) : str4;
            setDefaultContextData(contextHandler);
            setSessionContextData(contextHandler, SA_VALUE_NOT_AVAILABLE);
            setAccessContextData(contextHandler, z, str, substring, str2, SA_RES_TYPE_REPOSITORY, strArr);
            setResponseContextData(contextHandler, str4);
            ConcurrentHashMap buildOutcomeData = DataHelper.buildOutcomeData(str5, new Integer(0), new Integer(0), str7, j);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "auditOutcome: " + buildOutcomeData);
            }
            try {
                auditService.sendEvent("SECURITY_RESOURCE_ACCESS", buildOutcomeData);
            } catch (ProviderFailureException e) {
                Tr.error(tc, "logSecurityAuditForRepository, security.JSAS1503E", new Object[]{e});
                auditService.processAuditFailure("security.audit.service.sendevent.error", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "logSecurityAuditForRepository, url: " + str4);
        }
    }

    private void setDefaultContextData(ContextHandler contextHandler) {
        contextHandler.buildContextObject("EVENT_CONTEXT", DataHelper.buildEventData(auditService.getLastTrailId(), auditService.getEventTrailIds(), new Date(), new Long(0L).longValue()));
        contextHandler.buildContextObject("PROPAGATION_CONTEXT", DataHelper.buildPropagationData(auditService.getFirstCaller(), auditService.getCallerList()));
        contextHandler.buildContextObject("PROCESS_CONTEXT", DataHelper.buildProcessData(auditService.getDomain(), ContextManagerFactory.getInstance().getDefaultRealm()));
        contextHandler.buildContextObject("REGISTRY_CONTEXT", DataHelper.buildRegistryData(null));
    }

    private void setSessionContextData(ContextHandler contextHandler, String str) {
        contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(str, null, null, null));
    }

    private void setAccessContextData(ContextHandler contextHandler, boolean z, String str, String str2, String str3, String str4, String[] strArr) {
        contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(str, str3, null, null, z ? "authnSuccess" : "authnFailure", str2, str4, new Long(0L), null, null, strArr, null));
    }

    private void setResponseContextData(ContextHandler contextHandler, String str) {
        contextHandler.buildContextObject("RESPONSE_CONTEXT", DataHelper.buildResponseData(str, null, null));
    }

    private ArrayList stringArrayToArrayList(String[] strArr) {
        ArrayList arrayList = new ArrayList();
        if (strArr != null) {
            for (int i = 0; i < strArr.length; i++) {
                try {
                    boolean add = arrayList.add(strArr[i]);
                    if (tc.isDebugEnabled() && !add) {
                        Tr.debug(tc, "stringArrayToArrayList, failed to add \"" + strArr[i] + "\" to the result ArrayList.");
                    }
                } catch (Exception e) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "stringArrayToArrayList, got unexpected exception: " + e + ". The conversion result may not be correct.", e);
                    }
                }
            }
        }
        return arrayList;
    }

    public void logSecurityAuditForSession(boolean z, String str, String str2, String str3, String str4) {
        String str5;
        String str6;
        String str7;
        long j;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "logSecurityAuditForSessoin", new Object[]{Boolean.valueOf(z), str, str2, str3, str4});
        }
        if (str3.equals("create")) {
            str3 = SA_ACTION_CREATE_SESSION;
        } else if (str3.equals("save")) {
            str3 = SA_ACTION_SAVE_SESSION;
        } else if (str3.equals(Cookie2.DISCARD)) {
            str3 = SA_ACTION_DISCARD_SESSION;
        }
        if (z) {
            str5 = AuditOutcome.SUCCESSFUL;
            str6 = "SUCCESS";
            str7 = "SUCCESS";
            j = 6;
        } else {
            str5 = AuditOutcome.UNSUCCESSFUL;
            str6 = "DENIED";
            str7 = "DENIED";
            j = 17;
        }
        if (tc.isDebugEnabled() && auditService != null) {
            Tr.debug(tc, "isEventRequired for SECURITY_RESOURCE_ACCESS? SUCCESS: " + auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", "SUCCESS") + ", DENIED: " + auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", "DENIED") + ", INFO: " + auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", "INFO") + ", ERROR: " + auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", "ERROR"));
        }
        ContextHandler contextHandler = getContextHandler();
        if (auditService != null && contextHandler != null && auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", str6)) {
            String[] strArr = str4 == null ? new String[]{SA_VALUE_NOT_AVAILABLE} : new String[]{str4};
            setDefaultContextData(contextHandler);
            setSessionContextData(contextHandler, str2);
            setAccessContextData(contextHandler, z, str, str3, str3, SA_RES_TYPE_SESSION, strArr);
            setResponseContextData(contextHandler, SA_VALUE_NOT_AVAILABLE);
            ConcurrentHashMap buildOutcomeData = DataHelper.buildOutcomeData(str5, new Integer(0), new Integer(0), str7, j);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "auditOutcome: " + buildOutcomeData);
            }
            try {
                auditService.sendEvent("SECURITY_RESOURCE_ACCESS", buildOutcomeData);
            } catch (ProviderFailureException e) {
                Tr.error(tc, "logSecurityAuditForSession, security.JSAS1503E", new Object[]{e});
                auditService.processAuditFailure("security.audit.service.sendevent.error", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "logSecurityAuditForSession");
        }
    }

    public void logSecurityAuditForDeployment(DeploymentAction deploymentAction, String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String str9, String str10) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "logSecurityAuditForDeployment", new Object[]{deploymentAction, str, str2, str3, str4, str5, str6, str7, str8, str9, str10});
        }
        if (tc.isDebugEnabled() && auditService != null) {
            Tr.debug(tc, "isEventRequired for SECURITY_RESOURCE_ACCESS? SUCCESS: " + auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", "SUCCESS") + ", DENIED: " + auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", "DENIED") + ", INFO: " + auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", "INFO") + ", ERROR: " + auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", "ERROR"));
        }
        ContextHandler contextHandler = getContextHandler();
        if (auditService != null && contextHandler != null && auditService.isEventRequired("SECURITY_RESOURCE_ACCESS", "SUCCESS")) {
            String str11 = "";
            switch (deploymentAction) {
                case INSTALL:
                    str11 = SA_ACTION_APPLICATION_INSTALL;
                    break;
                case UPDATE:
                    str11 = SA_ACTION_APPLICATION_UPDATE;
                    break;
                case EDIT:
                    str11 = SA_ACTION_APPLICATION_EDIT;
                    break;
            }
            String[] strArr = {SA_VALUE_NOT_AVAILABLE};
            if (str == null) {
                str = SA_VALUE_NOT_AVAILABLE;
            }
            setDefaultContextData(contextHandler);
            setSessionContextData(contextHandler, str);
            if (str6 == null) {
                str6 = "";
            }
            if (str7 == null) {
                str7 = "";
            }
            setAccessContextData(contextHandler, true, str2, WorkSpaceConstant.FIELD_SEPERATOR + str3 + "][" + str5 + "][" + str6 + "][" + str7 + "][" + str8 + "][" + str9 + "][" + str10 + "]", str11, SA_RES_TYPE_APPLICATION, strArr);
            ConcurrentHashMap buildOutcomeData = DataHelper.buildOutcomeData(AuditOutcome.SUCCESSFUL, new Integer(0), new Integer(0), "SUCCESS", 6L);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "auditOutcome: " + buildOutcomeData);
            }
            try {
                auditService.sendEvent("SECURITY_RESOURCE_ACCESS", buildOutcomeData);
            } catch (ProviderFailureException e) {
                Tr.error(tc, "logSecurityAuditForMBean, security.JSAS1503E", new Object[]{e});
                auditService.processAuditFailure("security.audit.service.sendevent.error", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "logSecurityAuditForDeployment");
        }
    }
}
